Описание
A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet.
Ссылки
- ExploitIssue TrackingPatchThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingThird Party Advisory
- Broken LinkVendor Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingThird Party Advisory
- Broken LinkVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 20.0.6 (исключая)
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00463
Низкий
6.5 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-284
CWE-862
Связанные уязвимости
CVSS3: 6.5
debian
больше 4 лет назад
A missing user check in Nextcloud prior to 20.0.6 inadvertently popula ...
CVSS3: 6.5
github
около 3 лет назад
A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet.
EPSS
Процентиль: 63%
0.00463
Низкий
6.5 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-284
CWE-862