CVE-2018-3776
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log.
El validador de entradas incorrecto en Nextcloud Server en versiones anteriores a 12.0.3 podría conducir a que las acciones de un atacante no se registren en el log de auditoría.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-12-28 CVE Reserved
- 2018-08-12 CVE Published
- 2024-06-21 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-532: Insertion of Sensitive Information into Log File
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://hackerone.com/reports/232347 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://nextcloud.com/security/advisory/?id=NC-SA-2018-006 | 2023-02-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nextcloud Search vendor "Nextcloud" | Nextcloud Server Search vendor "Nextcloud" for product "Nextcloud Server" | >= 11.0.0 < 11.0.5 Search vendor "Nextcloud" for product "Nextcloud Server" and version " >= 11.0.0 < 11.0.5" | - |
Affected
| ||||||
| Nextcloud Search vendor "Nextcloud" | Nextcloud Server Search vendor "Nextcloud" for product "Nextcloud Server" | >= 12.0.0 < 12.0.3 Search vendor "Nextcloud" for product "Nextcloud Server" and version " >= 12.0.0 < 12.0.3" | - |
Affected
| ||||||