Vulnerability Name:

CVE-2018-16463 (CCN-152525)

Assigned:2018-10-25
Published:2018-10-25
Updated:2019-10-09
Summary:A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.
CVSS v3 Severity:3.1 Low (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N)
2.7 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): High
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
3.1 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N)
2.7 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): High
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:3.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
3.2 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:M/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): Multiple_Instances
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-384
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2018-16463

Source: XF
Type: UNKNOWN
nextcloud-cve201816463-session-hijacking(152525)

Source: MISC
Type: Third Party Advisory
https://hackerone.com/reports/237184

Source: CCN
Type: Nextcloud Security Advisory nc-sa-2018-013
Session fixation on public share page

Source: MISC
Type: Vendor Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2018-013

Vulnerable Configuration:Configuration 1:
  • cpe:/a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:* (Version < 12.0.8)
  • OR cpe:/a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:* (Version >= 13.0.0 and < 13.0.3)
  • OR cpe:/a:nextcloud:nextcloud_server:14.0.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:nextcloud:nextcloud_server:14.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:nextcloud:nextcloud_server:14.0.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:nextcloud:nextcloud_server:14.0.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:nextcloud:nextcloud_server:14.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:nextcloud:nextcloud_server:14.0.0:rc2:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:nextcloud:nextcloud_server:12.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:nextcloud:nextcloud_server:13.0.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    nextcloud nextcloud server *
    nextcloud nextcloud server *
    nextcloud nextcloud server 14.0.0 beta1
    nextcloud nextcloud server 14.0.0 beta2
    nextcloud nextcloud server 14.0.0 beta3
    nextcloud nextcloud server 14.0.0 beta4
    nextcloud nextcloud server 14.0.0 rc1
    nextcloud nextcloud server 14.0.0 rc2
    nextcloud nextcloud server 12.0.7
    nextcloud nextcloud server 13.0.2