Vulnerability Description
A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password-protected link shares after the owner had changed the password.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Nextcloud Server | < 14.0.0 |
Related Weaknesses (CWE)
References
- https://hackerone.com/reports/146133 (Third Party Advisory)
- https://nextcloud.com/security/advisory/?id=NC-SA-2018-012 (Vendor Advisory)
FAQ
What is CVE-2018-16464?
CVE-2018-16464 is a vulnerability with a CVSS score of 5.7 (MEDIUM). A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password-protected link shares after the owner had changed the password.
How severe is CVE-2018-16464?
CVE-2018-16464 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-16464?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Nextcloud Server.