Description
Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised.
References
- Third Party Advisory
- Broken Link, Vendor Advisory
- Third Party Advisory
- Broken Link, Vendor Advisory
Vulnerable configurations
Configuration 1
Versions before 12.0.8 (exclusive)
Versions from 13.0.0 (inclusive) up to 13.0.3 (exclusive)
One of
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
EPSS
Percentile: 69%
Score: 0.00628 (Low)
CVSS3: 8.1 High
CVSS2: 5.8 Medium
Weaknesses
CWE-287
Related vulnerabilities
CVSS3: 8.1
debian
almost 7 years ago
Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authent ...
CVSS3: 8.1
github
about 3 years ago
Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised.