|Category:||Web application abuses|
|Title:||Nextcloud Server < 14.0.0 Multiple Vulnerabilities (NC-SA-2018-011, NC-SA-2018-012, NC-SA-2018-014) (Linux)|
|Summary:||This host is running Nextcloud Server; and is prone to multiple vulnerabilities.|
This host is running Nextcloud Server
and is prone to multiple vulnerabilities.
The following vulnerabilities exist:
- Missing state would not enforce the use of a second factor at login if the the provider of the second factor failed to load. (CVE-2018-16464)
- A missing access check could lead to continued access to password protected link shares when the owner had changed the password. (CVE-2018-16465)
- A missing check could give unauthorized access to the previews of single file password protected shares. (CVE-2018-16467)
Nextcloud Server before version 14.0.0.
Upgrade Nextcloud Server to version 14.0.0 or later.
Common Vulnerability Exposure (CVE) ID: CVE-2018-16464|
Common Vulnerability Exposure (CVE) ID: CVE-2018-16465
Common Vulnerability Exposure (CVE) ID: CVE-2018-16467
|Copyright||Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.