Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to.
References
Link | Resource |
---|---|
https://hackerone.com/reports/358339 | Third Party Advisory |
https://nextcloud.com/security/advisory/?id=nc-sa-2018-002 | Broken Link Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
28 Feb 2023, 17:52
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://nextcloud.com/security/advisory/?id=nc-sa-2018-002 - Broken Link, Vendor Advisory | |
CPE |
Information
Published : 2018-07-05 16:29
Updated : 2023-12-10 12:30
NVD link : CVE-2018-3762
Mitre link : CVE-2018-3762
CVE.ORG link : CVE-2018-3762
JSON object : View
Products Affected
nextcloud
- nextcloud_server