CVE-2018-16464
Description
A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password.
References
Vendor Advisory
Third Party Advisory
CvssV3 impact
BaseSeverity | MEDIUM |
ConfidentialityImpact | HIGH |
AttackComplexity | LOW |
Scope | UNCHANGED |
AttackVector | NETWORK |
AvailabilityImpact | NONE |
IntegrityImpact | NONE |
PrivilegesRequired | LOW |
BaseScore | 5.7 |
VectorString | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N |
Version | 3.0 |
UserInteraction | REQUIRED |
CvssV2 impact
Version | 2.0 |
VectorString | AV:N/AC:M/Au:S/C:P/I:N/A:N |
AccessVector | NETWORK |
AccessComplexity | MEDIUM |
Authentication | SINGLE |
ConfidentialityImpact | PARTIAL |
IntegrityImpact | NONE |
AvailabilityImpact | NONE |
BaseScore | 3.5 |