PT-2018-16194 · Nextcloud+1 · Nextcloud Server+1

Zhouyuan Yang

·

Publicado

2017-09-21

·

Atualizado

2023-02-28

·

CVE-2018-3776

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Nextcloud Server versions prior to 12.0.3 Nextcloud Server versions prior to 11.0.5
Description The issue is related to an improper input validator, which could allow an attacker's actions to remain unlogged in the audit log.
Recommendations For versions prior to 12.0.3, update to version 12.0.3 or later. For versions prior to 11.0.5, update to version 11.0.5 or later.

Correção

RCE

Insertion into Log File

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-532

Identificadores relacionados

ALT-PU-2017-2277
CVE-2018-3776

Produtos afetados

Alt Linux
Nextcloud Server