Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Nextcloud Server by HackerOne

    CVE-2018-3776 (GCVE-0-2018-3776)

    Vulnerability from nvd – Published: 2018-08-12 22:00 – Updated: 2024-08-05 04:50
    VLAI
    Summary
    Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log.
    Severity
    No CVSS data available.
    CWE
    • CWE-20 - Improper Input Validation (CWE-20)
    Assigner
    References
    Impacted products
    Vendor Product Version
    HackerOne Nextcloud Server Affected: <12.0.3 <11.0.5
    Create a notification for this product.
    Date Public
    2018-08-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:50:30.811Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/232347"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-006"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Nextcloud Server",
              "vendor": "HackerOne",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c12.0.3 \u003c11.0.5"
                }
              ]
            }
          ],
          "datePublic": "2018-08-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker\u0027s actions not being logged in the audit log."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation (CWE-20)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-12T21:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/232347"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-006"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "ID": "CVE-2018-3776",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Nextcloud Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c12.0.3 \u003c11.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HackerOne"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker\u0027s actions not being logged in the audit log."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Input Validation (CWE-20)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/232347",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/232347"
                },
                {
                  "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-006",
                  "refsource": "CONFIRM",
                  "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-006"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2018-3776",
        "datePublished": "2018-08-12T22:00:00.000Z",
        "dateReserved": "2017-12-28T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:50:30.811Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3775 (GCVE-0-2018-3775)

    Vulnerability from nvd – Published: 2018-08-12 22:00 – Updated: 2024-08-05 04:50
    VLAI
    Summary
    Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication.
    Severity
    No CVSS data available.
    CWE
    • CWE-287 - Improper Authentication - Generic (CWE-287)
    Assigner
    References
    Impacted products
    Date Public
    2018-08-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:50:30.743Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-007"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/248656"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Nextcloud Server",
              "vendor": "HackerOne",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c12.0.3"
                }
              ]
            }
          ],
          "datePublic": "2018-08-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication - Generic (CWE-287)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-12T21:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-007"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/248656"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "ID": "CVE-2018-3775",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Nextcloud Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c12.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HackerOne"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Authentication - Generic (CWE-287)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-007",
                  "refsource": "CONFIRM",
                  "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-007"
                },
                {
                  "name": "https://hackerone.com/reports/248656",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/248656"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2018-3775",
        "datePublished": "2018-08-12T22:00:00.000Z",
        "dateReserved": "2017-12-28T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:50:30.743Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3775 (GCVE-0-2018-3775)

    Vulnerability from cvelistv5 – Published: 2018-08-12 22:00 – Updated: 2024-08-05 04:50
    VLAI
    Summary
    Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication.
    Severity
    No CVSS data available.
    CWE
    • CWE-287 - Improper Authentication - Generic (CWE-287)
    Assigner
    References
    Impacted products
    Date Public
    2018-08-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:50:30.743Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-007"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/248656"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Nextcloud Server",
              "vendor": "HackerOne",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c12.0.3"
                }
              ]
            }
          ],
          "datePublic": "2018-08-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication - Generic (CWE-287)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-12T21:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-007"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/248656"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "ID": "CVE-2018-3775",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Nextcloud Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c12.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HackerOne"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Authentication - Generic (CWE-287)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-007",
                  "refsource": "CONFIRM",
                  "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-007"
                },
                {
                  "name": "https://hackerone.com/reports/248656",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/248656"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2018-3775",
        "datePublished": "2018-08-12T22:00:00.000Z",
        "dateReserved": "2017-12-28T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:50:30.743Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3776 (GCVE-0-2018-3776)

    Vulnerability from cvelistv5 – Published: 2018-08-12 22:00 – Updated: 2024-08-05 04:50
    VLAI
    Summary
    Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log.
    Severity
    No CVSS data available.
    CWE
    • CWE-20 - Improper Input Validation (CWE-20)
    Assigner
    References
    Impacted products
    Vendor Product Version
    HackerOne Nextcloud Server Affected: <12.0.3 <11.0.5
    Create a notification for this product.
    Date Public
    2018-08-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:50:30.811Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/232347"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-006"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Nextcloud Server",
              "vendor": "HackerOne",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c12.0.3 \u003c11.0.5"
                }
              ]
            }
          ],
          "datePublic": "2018-08-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker\u0027s actions not being logged in the audit log."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation (CWE-20)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-12T21:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/232347"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-006"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "ID": "CVE-2018-3776",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Nextcloud Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c12.0.3 \u003c11.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HackerOne"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker\u0027s actions not being logged in the audit log."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Input Validation (CWE-20)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/232347",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/232347"
                },
                {
                  "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-006",
                  "refsource": "CONFIRM",
                  "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-006"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2018-3776",
        "datePublished": "2018-08-12T22:00:00.000Z",
        "dateReserved": "2017-12-28T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:50:30.811Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }