HIGH✓ PATCH🇬🇧 English

CVE-2018-16466

CVSS 8.1v3.0pub. 2018-10-30upd. 2024-11-21

Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • Nextcloud Server

    APP
    Nextcloud
    14.0.0< 12.0.1113.0.0 – 13.0.6 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2023-26482CRITICAL9.0ten sam produkt

Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation ...

CVE-2021-32802CRITICAL9.3ten sam produkt

Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews fo...

CVE-2021-22915CRITICAL9.8ten sam produkt

Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion...

CVE-2026-45281HIGH8.1ten sam produkt

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before...

CVE-2024-37313HIGH7.3ten sam produkt

Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the...