PT-2018-13588 · Nextcloud+1 · Nextcloud Server+1

Published

2018-06-19

Updated

2019-10-09

CVE-2018-16463

CVSS v2.0

3.6

Low

Vector

AV:N/AC:H/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions prior to 14.0.0 Nextcloud Server version 13.0.3 and earlier Nextcloud Server version 12.0.8 and earlier

Description A bug in the software causes session fixation, potentially allowing an attacker to obtain access to password-protected shares.

Recommendations For versions prior to 14.0.0, update to version 14.0.0 or later. For version 13.0.3 and earlier, update to version 13.0.4 or later. For version 12.0.8 and earlier, update to version 12.0.9 or later.

Fix

Session Fixation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-384

Related Identifiers

ALT-PU-2018-1913

CVE-2018-16463

Affected Products

Alt Linux

Nextcloud Server

PT-2018-13588 · Nextcloud+1 · Nextcloud Server+1

CVE-2018-16463

Weakness Enumeration

Related Identifiers

Affected Products

References · 10