security-advisories/server/nc-sa-2018-010.json

{
   "Title": "Improper validation of permissions",
   "Timestamp": 1540468800,
   "Risk": 1,
   "CVSS3": {
     "score": 6.4,
     "vector": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"
   },
   "CWE": {
      "id": 284,
      "name": "Improper Access Control - Generic"
   },
   "HackerOne": 388515,
   "Affected":[
      {
         "Version":"14.0.0",
         "CVE":"CVE-2018-16466",
         "Operator":"<"
      },
      {
         "Version":"13.0.6",
         "CVE":"CVE-2018-16466",
         "Operator":"<"
      },
      {
         "Version":"12.0.11",
         "CVE":"CVE-2018-16466",
         "Operator":"<"
      }
   ],
   "Description":"Improper revalidation of permissions lead to not accepting access restrictions by acess tokens.",
   "ActionTaken": "The error has been fixed.",
   "Acknowledgment":[
      {
         "Name": "Mohd Haji",
         "Reason": "Vulnerability discovery and disclosure."
      }
   ],
   "Resolution": "It is recommended that all instances are upgraded to Nextcloud 14.0.0, Nextcloud 13.0.6 or Nextcloud 12.0.11."
}