CVE-2018-16465

Опубликовано: 30 окт. 2018

Источник: nvd

CVSS3: 5.3

CVSS2: 4.3

EPSS Низкий

Описание

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load.

Ссылки

https://hackerone.com/reports/317711
Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2018-011
Vendor Advisory
https://hackerone.com/reports/317711
Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2018-011
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Версия до 14.0.0 (исключая)

EPSS

Процентиль: 36%

0.00149

Низкий

5.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

CVE-2018-16465

CVSS3: 5.3

debian

больше 6 лет назад

Missing state in Nextcloud Server prior to 14.0.0 would not enforce th ...

GHSA-v76x-gvw2-m5rp

CVSS3: 5.3

github

около 3 лет назад

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load.

EPSS

Процентиль: 36%

0.00149

Низкий

5.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-287