CVE-2019-15612
Description
A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset.
Related CPE's
References
Vendor Advisory
Permissions RequiredThird Party Advisory
CvssV3 impact
Version | 3.1 |
VectorString | CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
AttackVector | PHYSICAL |
AttackComplexity | LOW |
PrivilegesRequired | LOW |
UserInteraction | NONE |
Scope | UNCHANGED |
ConfidentialityImpact | HIGH |
IntegrityImpact | HIGH |
AvailabilityImpact | NONE |
BaseScore | 5.9 |
BaseSeverity | MEDIUM |
CvssV2 impact
Version | 2.0 |
VectorString | AV:L/AC:L/Au:S/C:P/I:P/A:N |
AccessVector | LOCAL |
AccessComplexity | LOW |
Authentication | SINGLE |
ConfidentialityImpact | PARTIAL |
IntegrityImpact | PARTIAL |
AvailabilityImpact | NONE |
BaseScore | 3.200000047683716 |