Description
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, WebAuthn tokens were not deleted after a user was deleted. If a victim reused a previously used username, the previous user could gain access to their account. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.
References
- Third Party Advisory
- Third Party Advisory
- Permissions Required
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Permissions Required
- Third Party Advisory
Vulnerable configurations
Configuration 1
- Version before 19.0.13 (exclusive)
- Version from 20.0.0 (inclusive) to 20.0.11 (exclusive)
- Version from 21.0.0 (inclusive) to 21.0.3 (exclusive)
One of
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
EPSS: 0.00184 (Low), percentile: 41%
CVSS3: 7.1 High
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-708
CWE-287
Related vulnerabilities
CVSS3: 7.1
debian
almost 4 years ago
Nextcloud Server is a Nextcloud package that handles data storage. In ...