PT-2018-16180 · Nextcloud+2 · Nextcloud Server+2

Noumar

Publicado

2018-06-19

Atualizado

2023-02-28

CVE-2018-3761

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions prior to 12.0.8 Nextcloud Server versions prior to 13.0.3

Description The issue is related to improper authentication on the OAuth2 token endpoint. It involves missing checks that could potentially allow handing out new tokens if the OAuth2 client was partly compromised.

Recommendations For versions prior to 12.0.8, update to version 12.0.8 or later. For versions prior to 13.0.3, update to version 13.0.3 or later.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

ALT-PU-2018-1913

CVE-2018-3761

OPENSUSE-SU-2018_1924-1

Produtos afetados

Alt Linux

Nextcloud Server

Suse

PT-2018-16180 · Nextcloud+2 · Nextcloud Server+2

CVE-2018-3761

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 15