Vulnerability Description
Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.
CVSS Score
3.5
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Nextcloud Server | < 11.0.3 |
Related Weaknesses (CWE)
References
- https://hackerone.com/reports/191979Third Party Advisory
- https://nextcloud.com/security/advisory/?id=nc-sa-2017-009Broken LinkPatchVendor Advisory
- https://hackerone.com/reports/191979Third Party Advisory
- https://nextcloud.com/security/advisory/?id=nc-sa-2017-009Broken LinkPatchVendor Advisory
FAQ
What is CVE-2017-0892?
CVE-2017-0892 is a vulnerability with a CVSS score of 3.5 (LOW). Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.
How severe is CVE-2017-0892?
CVE-2017-0892 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-0892?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Nextcloud Server.