PT-2018-13591 · Nextcloud+1 · Nextcloud Server+1
Born2Hack
·
Publicado
2018-09-03
·
Atualizado
2019-10-09
·
CVE-2018-16466
CVSS v3.1
8.1
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Nextcloud Server versions prior to 14.0.0
Nextcloud Server versions prior to 13.0.6
Nextcloud Server versions prior to 12.0.11
Description
The issue is related to improper revalidation of permissions, which leads to access tokens not accepting access restrictions.
Recommendations
For versions prior to 14.0.0, update to version 14.0.0 or later.
For versions prior to 13.0.6, update to version 13.0.6 or later.
For versions prior to 12.0.11, update to version 12.0.11 or later.
Correção
Improper Access Control
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Alt Linux
Nextcloud Server