Description
Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens.
Related CPE's
a
nextcloud
nextcloud_server
8
References
https://hackerone.com/reports/388515
Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2018-010
Vendor Advisory
CVSS impact metrics
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 · High
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Modified
Published
2018-10-30T21:29:00.793
6 years agoLast modified
2019-10-09T23:36:09.627
5 years ago