CVE-2018-16463

LOW

Nextcloud Server <14.0.0-12.0.8 - Info Disclosure

Title source: llm

Description

A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://nextcloud.com/security/advisory/?id=NC-SA-2018-013

Third Party Advisory x_refsource_misc

https://hackerone.com/reports/237184

Scores

CVSS v3 3.1

EPSS 0.0013

EPSS Percentile 32.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N

Details

CWE

CWE-384

Status published

Products (2)

nextcloud/nextcloud_server 14.0.0 beta1 (6 CPE variants)

nextcloud/nextcloud_server < 12.0.8

Published Oct 30, 2018

Tracked Since Feb 18, 2026