Back to search
CVE-2018-3761
Published: Jul 5, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised.
| Vendor | Product | Versions |
|---|---|---|
Nextcloud | Nextcloud Server | affected <13.0.3, <12.0.8 |
Weaknesses (CWE)
References
https://hackerone.com/reports/343111
x_refsource_MISC
https://nextcloud.com/security/advisory/?id=nc-sa-2018-003
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now