41 строка
1.0 KiB
JSON
41 строка
1.0 KiB
JSON
{
|
|
"Title": "Session fixation on public share page",
|
|
"Timestamp": 1540468800,
|
|
"Risk": 1,
|
|
"CVSS3": {
|
|
"score": 3.1,
|
|
"vector": "AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N"
|
|
},
|
|
"CWE": {
|
|
"id": 384,
|
|
"name": "Session Fixation"
|
|
},
|
|
"HackerOne": 237184,
|
|
"Affected":[
|
|
{
|
|
"Version":"14.0.0",
|
|
"CVE":"CVE-2018-16463",
|
|
"Operator":"<"
|
|
},
|
|
{
|
|
"Version":"13.0.3",
|
|
"CVE":"CVE-2018-16463",
|
|
"Operator":"<"
|
|
},
|
|
{
|
|
"Version":"12.0.8",
|
|
"CVE":"CVE-2018-16463",
|
|
"Operator":"<"
|
|
}
|
|
],
|
|
"Description":"A bug causing session fixation could potentially allow an attacker to obtain access to password protected shares.",
|
|
"ActionTaken": "The error has been fixed.",
|
|
"Acknowledgment":[
|
|
{
|
|
"Name": "Anonymous hacker",
|
|
"Reason": "Vulnerability discovery and disclosure."
|
|
}
|
|
],
|
|
"Resolution": "It is recommended that all instances are upgraded to at least Nextcloud 14.0.0, Nextcloud 13.0.3 or Nextcloud 12.0.8."
|
|
}
|