CVE-2018-16463
Description
A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.
Related CPE's
References
Vendor Advisory
Third Party Advisory
CvssV3 impact
BaseSeverity | LOW |
ConfidentialityImpact | LOW |
AttackComplexity | HIGH |
Scope | UNCHANGED |
AttackVector | NETWORK |
AvailabilityImpact | NONE |
IntegrityImpact | LOW |
PrivilegesRequired | HIGH |
BaseScore | 3.1 |
VectorString | CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N |
Version | 3.0 |
UserInteraction | REQUIRED |
CvssV2 impact
Version | 2.0 |
VectorString | AV:N/AC:H/Au:S/C:P/I:P/A:N |
AccessVector | NETWORK |
AccessComplexity | HIGH |
Authentication | SINGLE |
ConfidentialityImpact | PARTIAL |
IntegrityImpact | PARTIAL |
AvailabilityImpact | NONE |
BaseScore | 3.5999999046325684 |