diff options
Diffstat (limited to 'old/server/nc-sa-2018-012.json')
-rw-r--r-- | old/server/nc-sa-2018-012.json | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/old/server/nc-sa-2018-012.json b/old/server/nc-sa-2018-012.json new file mode 100644 index 0000000..62a5ec1 --- /dev/null +++ b/old/server/nc-sa-2018-012.json @@ -0,0 +1,29 @@ +{ + "Title": "Improper authentication on public shares", + "Timestamp": 1540468800, + "Risk": 1, + "CVSS3": { + "score": 3.7, + "vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" + }, + "CWE": { + "id": 287, + "name": "Improper Authentication - Generic" + }, + "Affected":[ + { + "Version":"14.0.0", + "CVE":"CVE-2018-16464", + "Operator":"<" + } + ], + "Description":"A missing access check could lead to continued access to password protected link shares when the owner had changed the password.", + "ActionTaken": "The error has been fixed.", + "Acknowledgment":[ + { + "Name": "Rudra Pratap Singh", + "Reason": "Vulnerability discovery and disclosure." + } + ], + "Resolution": "It is recommended that all instances are upgraded to Nextcloud 14.0.0." +} |