CVE-2018-3761
First published: Thu Jul 05 2018(Updated: )
Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud Nextcloud Server | <12.0.8 | |
| Nextcloud Nextcloud Server | >=13.0.0<13.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-3761?
CVE-2018-3761 has been rated as a medium severity vulnerability.
How do I fix CVE-2018-3761?
To fix CVE-2018-3761, upgrade Nextcloud Server to version 12.0.8 or later, or version 13.0.3 or later.
What type of vulnerability is CVE-2018-3761?
CVE-2018-3761 is categorized as an improper authentication vulnerability on the OAuth2 token endpoint.
Which versions of Nextcloud Server are affected by CVE-2018-3761?
Nextcloud Server versions prior to 12.0.8 and between 13.0.0 and 13.0.3 are affected by CVE-2018-3761.
What can attackers potentially exploit in CVE-2018-3761?
Attackers can potentially exploit CVE-2018-3761 to obtain new tokens if the OAuth2 client is partially compromised.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- agent/author
- agent/source
- vendor/nextcloud
- canonical/nextcloud nextcloud server
- version/nextcloud nextcloud server/13.0.0