CVE-2018-3776Improper Input Validation in Server

CWE-20Improper Input ValidationCWE-532Log File Information Exposure7 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
0.3%
top 49.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud ServerHackerone Nextcloud Server
Timeline
PublishedAug 12
Latest updateMay 13

Description

Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/nextcloud_server11.0.011.0.5+1
CVEListV5hackerone/nextcloud_server<12.0.3 <11.0.5

🔴Vulnerability Details

3
GHSA
GHSA-grrj-5c92-774h: Improper input validator in Nextcloud Server prior to 122022-05-13
OSV
linux-lts-xenial, linux-aws vulnerabilities2018-10-01
CVEList
CVE-2018-3776: Improper input validator in Nextcloud Server prior to 122018-08-12

💬Community

3
Bugzilla
CVE-2018-3776 nextcloud: Improper input validation allows attackers to not have their actions logged to the audit log [fedora-all]2018-08-22
Bugzilla
CVE-2018-3776 nextcloud: Improper input validation allows attackers to not have their actions logged to the audit log2018-08-22
Bugzilla
CVE-2018-3776 nextcloud: Improper input validation allows attackers to not have their actions logged to the audit log [epel-7]2018-08-22
CVE-2018-3776 — Improper Input Validation in Server | cvebase