CVE-2017-0892

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-0892

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-0892.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-0892

Published

2017-05-08T20:29:00.257Z

Modified

2026-04-10T03:54:32.079875Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type

GIT

Repo

https://github.com/nextcloud/server

Events

Introduced

Fixed

9649661f8fc0220b837975fe8afef5b5f7a964ec

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "11.0.3"
        }
    ]
}

Affected versions

v1.*

v1.0.0beta1

v11.*

v11.0.0

v11.0.1

v11.0.1RC1

v11.0.2

v11.0.2RC1

v11.0.3RC1

v11.0.3RC2

v11.0RC2

v3.*

v3.0

v4.*

v4.0.0

v4.0.0RC

v4.0.0RC2

v4.0.0beta

v4.0.1

v4.0.4

v4.0.5

v4.0.6

v4.5.0

v4.5.0RC1

v4.5.0RC2

v4.5.0RC3

v4.5.0beta3

v4.5.0beta4

v5.*

v5.0.0

v5.0.0RC1

v5.0.0RC2

v5.0.0RC3

v5.0.0alpha1

v5.0.0beta1

v5.0.0beta2

v6.*

v6.0.0RC1

v6.0.0RC2

v6.0.0alpha2

v6.0.0beta2

v6.0.0beta3

v6.0.0beta4

v6.0.0beta5

v7.*

v7.0.0alpha2

v7.0.0beta1

v8.*

v8.0.0

v8.0.0RC1

v8.0.0RC2

v8.0.0alpha1

v8.0.0alpha2

v8.0.0beta1

v8.0.0beta2

v8.1.0alpha1

v8.1.0alpha2

v8.1.0beta1

v8.1.0beta2

v8.1RC2

v8.2RC1

v8.2beta1

v9.*

v9.0.0beta2

v9.0beta1

v9.1.0beta1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-0892.json"