CVE-2018-3761 Vulnerability Details

  /     /     /  

CVE-2018-3761 Metadata Quick Info

CVE Published: 05/07/2018 | CVE Updated: 05/08/2024 | CVE Year: 2018
Source: hackerone | Vendor: Nextcloud | Product: Nextcloud Server
Status : PUBLISHED

---

CVE-2018-3761 Description

Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-287
CWE Name: Improper Authentication - Generic (CWE-287)
Source: Nextcloud

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).