All errata/sisyphus/ALT-PU-2017-2277-1
ALT-PU-2017-2277-1

Package update nextcloud in branch sisyphus

Version12.0.3-alt1
Task#188573
Published2017-09-21
Max severityHIGH
Severity:

Closed issues (2)

CVE-2018-3775
HIGH8.8

Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication.

Published: 2018-08-12Modified: 2024-11-21
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
CVE-2018-3776
MEDIUM5.3

Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log.

Published: 2018-08-12Modified: 2024-11-21
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS 3.xMEDIUM 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
References