CVE-2017-0892

Опубликовано: 08 мая 2017

Источник: nvd

CVSS3: 3.5

CVSS2: 4.3

EPSS Низкий

Описание

Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.

Ссылки

https://hackerone.com/reports/191979
Third Party Advisory
https://nextcloud.com/security/advisory/?id=nc-sa-2017-009
Broken Link
Patch
Vendor Advisory
https://hackerone.com/reports/191979
Third Party Advisory
https://nextcloud.com/security/advisory/?id=nc-sa-2017-009
Broken Link
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Версия до 11.0.3 (исключая)

EPSS

Процентиль: 73%

0.00782

Низкий

3.5 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-285

CWE-384

Связанные уязвимости

CVE-2017-0892

CVSS3: 3.5

debian

около 8 лет назад

Nextcloud Server before 11.0.3 is vulnerable to an improper session ha ...

GHSA-v6cm-gq9r-7cpp

CVSS3: 3.5

github

около 3 лет назад

Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.

EPSS

Процентиль: 73%

0.00782

Низкий

3.5 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-285

CWE-384