Vulnerability CVE-2018-3780

Vulnerability Name:

CVE-2018-3780 (CCN-148379)

Assigned:

2017-12-28

Published:

2018-08-10

Updated:

2019-10-09

Summary:

A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.

CVSS v3 Severity:

5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

5.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-79

Vulnerability Consequences:

Cross-Site Scripting

References:

Source: MITRE
Type: CNA
CVE-2018-3780

Source: XF
Type: UNKNOWN
nextcloud-server-cve20183780-xss(148379)

Source: MISC
Type: Third Party Advisory
https://hackerone.com/reports/383117

Source: CCN
Type: Nextcloud Security Advisory nc-sa-2018-008
Stored XSS in autocomplete suggestions for file comments

Source: CONFIRM
Type: Vendor Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2018-008

Vulnerable Configuration:

Configuration 1:

cpe:/a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:* (Version < 13.0.5)

Configuration CCN 1:

cpe:/a:nextcloud:nextcloud_server:13.0.4:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20183780	V	CVE-2018-3780	2021-10-24
oval:org.opensuse.security:def:25759	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:25456	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:25232	P	Security update for sudo (Important)	2020-12-01
oval:org.opensuse.security:def:26441	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:25659	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25370	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25043	P	Security update for python-xdg (Moderate)	2020-12-01
oval:org.opensuse.security:def:25761	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25604	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25234	P	Security update for dnsmasq (Moderate)	2020-12-01
oval:org.opensuse.security:def:25030	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:26443	P	Security update for helm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25745	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25372	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:25105	P	Security update for ceph (Important)	2020-12-01
oval:org.opensuse.security:def:25803	P	Security update for flash-player (Moderate)	2020-12-01
oval:org.opensuse.security:def:25606	P	Security update for libjpeg-turbo (Moderate)	2020-12-01
oval:org.opensuse.security:def:25313	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:25032	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:26476	P	Security update for nextcloud (Moderate)	2020-12-01
oval:org.opensuse.security:def:25747	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:25454	P	Security update for ucode-intel (Important)	2020-12-01
oval:org.opensuse.security:def:25107	P	Security update for openssl-1_1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25805	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:25657	P	Security update for graphviz (Low)	2020-12-01
oval:org.opensuse.security:def:25315	P	Security update for ovmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:25041	P	Security update for libpcap (Important)	2020-12-01
oval:org.opensuse.security:def:26478	P	Security update for nextcloud (Moderate)	2020-12-01

BACK