ByteOS Network

NVD Vulnerability Details :

CVE-2018-3761

Analyzed

Source-support@hackerone.com

Published At-05 Jul, 2018 | 16:29

Updated At-28 Feb, 2023 | 17:51

Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Primary	2.0	5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N

CPE Matches

Nextcloud GmbH

>>nextcloud_server>>Versions before 12.0.8(exclusive)

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Nextcloud GmbH

>>nextcloud_server>>Versions from 13.0.0(inclusive) to 13.0.3(exclusive)

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-287	Primary	nvd@nist.gov
CWE-287	Secondary	support@hackerone.com

References

Hyperlink	Source	Resource
https://hackerone.com/reports/343111	support@hackerone.com	Third Party Advisory
https://nextcloud.com/security/advisory/?id=nc-sa-2018-003	support@hackerone.com	Broken Link Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History