CVE-2018-3775

Опубликовано: 12 авг. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 4

EPSS Низкий

Описание

Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication.

Ссылки

https://hackerone.com/reports/248656
Issue Tracking
Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2018-007
Broken Link
Vendor Advisory
https://hackerone.com/reports/248656
Issue Tracking
Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2018-007
Broken Link
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Версия до 12.0.3 (исключая)

EPSS

Процентиль: 41%

0.00185

Низкий

8.8 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

CVE-2018-3775

CVSS3: 8.8

debian

почти 7 лет назад

Improper Authentication in Nextcloud Server prior to version 12.0.3 wo ...

GHSA-2v55-qcx6-c482

CVSS3: 8.8

github

около 3 лет назад

Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication.

EPSS

Процентиль: 41%

0.00185

Низкий

8.8 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-287