CVE-2018-16465

Description

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load.

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

NONE

AttackComplexity

HIGH

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

NONE

IntegrityImpact

HIGH

PrivilegesRequired

LOW

BaseScore

5.3

VectorString

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Version

3.0

UserInteraction

NONE

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:N/I:P/A:N

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

PARTIAL

AvailabilityImpact

NONE

BaseScore

4.300000190734863