CVE-2017-0892 Vulnerability Details

  /     /     /  

CVE-2017-0892 Metadata Quick Info

CVE Published: 08/05/2017 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: hackerone | Vendor: Nextcloud | Product: Nextcloud Server
Status : PUBLISHED

---

CVE-2017-0892 Description

Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-285
CWE Name: Improper Authorization (CWE-285)
Source: Nextcloud

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).