Package nextcloud updated to version 12.0.3-alt1 for branch sisyphus in task 188573.

Published: 2018-08-13
Modified: 2024-11-21

CVE-2018-3775

Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

https://hackerone.com/reports/248656
https://hackerone.com/reports/248656
https://nextcloud.com/security/advisory/?id=NC-SA-2018-007
https://nextcloud.com/security/advisory/?id=NC-SA-2018-007

Published: 2018-08-13
Modified: 2024-11-21

CVE-2018-3776

Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

https://hackerone.com/reports/232347
https://hackerone.com/reports/232347
https://nextcloud.com/security/advisory/?id=NC-SA-2018-006
https://nextcloud.com/security/advisory/?id=NC-SA-2018-006

Version: 2.1.0

Package nextcloud update in sisyphus on 2017-09-21

ALT-PU-2017-2277-1

Closed vulnerabilities

CVE-2018-3775

CVE-2018-3776