diff options
Diffstat (limited to 'old/server/nc-sa-2018-002.json')
-rw-r--r-- | old/server/nc-sa-2018-002.json | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/old/server/nc-sa-2018-002.json b/old/server/nc-sa-2018-002.json new file mode 100644 index 0000000..038d5da --- /dev/null +++ b/old/server/nc-sa-2018-002.json @@ -0,0 +1,36 @@ +{ + "Title": "File access control rules not applied to image previews", + "Timestamp": 1529582400, + "Risk": 1, + "CVSS3": { + "score": 3.5, + "vector": "AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" + }, + "CWE": { + "id": 273, + "name": "Improper Check for Dropped Privileges" + }, + "HackerOne": 358339, + "Affected":[ + { + "Version":"13.0.3", + "CVE":"CVE-2018-3762", + "Operator":"<" + }, + { + "Version":"12.0.8", + "CVE":"CVE-2018-3762", + "Operator":"<" + } + ], + "Description":"A missing check for read permissions allowed users that received an incomming share containing files tagged so they should be denied access to still request a preview for those files.", + "ActionTaken": "The error has been fixed and regression tests been added.", + "Acknowledgment":[ + { + "Name": "Reinis Martinsons", + "Mail": "reinis.martinsons@gmail.com", + "Reason": "Vulnerability discovery and disclosure." + } + ], + "Resolution": "It is recommended that all instances are upgraded to Nextcloud 13.0.3." +} |