CVE-2018-16466

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-16466
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16466.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-16466
Published
2018-10-30T21:29:00.793Z
Modified
2026-04-10T04:09:37.500803Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b604bf28358d259085308f8769e841a3160b8736
Introduced
3b4285e13f6b1ec074b98466f49e189101f090bc
Fixed
2a973843f0acf084ba62d41f7d2c1526b5f8f4d1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
adcc061166ab86bd39b004bd85847320fdd2d525
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9891eae232d77391699d3be908ed03426779d4d2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
def2bf2086b00b5bb00b362a5a50840fdf8b4cc0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bdead84ec68001377e599230e86c3ea18d277a13
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9823c7197150e4134490c043c2e2e53733eae783
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c31632ccdf5c9a76499ad36b40c8cf52c1602754
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "12.0.11"
        },
        {
            "introduced": "13.0.0"
        },
        {
            "fixed": "13.0.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.0.0-beta1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.0.0-beta2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.0.0-beta3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.0.0-beta4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.0.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.0.0-rc2"
        }
    ]
}

Affected versions

theming-1.*
theming-1.4.5
v1.*
v1.0.0beta1
v11.*
v11.0.0
v11.0RC2
v12.*
v12.0.0
v12.0.0RC1
v12.0.0RC2
v12.0.0RC3
v12.0.0beta1
v12.0.0beta2
v12.0.0beta3
v12.0.0beta4
v12.0.1
v12.0.10
v12.0.10RC1
v12.0.11RC1
v12.0.1RC1
v12.0.1RC2
v12.0.1RC3
v12.0.1RC4
v12.0.1RC5
v12.0.3
v12.0.3RC1
v12.0.3RC2
v12.0.4
v12.0.4RC1
v12.0.4RC2
v12.0.4RC3
v12.0.5
v12.0.5RC1
v12.0.5RC2
v12.0.5RC3
v12.0.6
v12.0.6RC1
v12.0.7
v12.0.7RC1
v12.0.8
v12.0.8RC1
v12.0.9
v13.*
v13.0.0
v13.0.0RC1
v13.0.0beta1
v13.0.0beta2
v13.0.0beta3
v13.0.0beta4
v13.0.1
v13.0.1RC1
v13.0.2
v13.0.2RC1
v13.0.3
v13.0.3RC1
v13.0.3RC2
v13.0.4
v13.0.5
v13.0.5RC1
v13.0.5RC2
v13.0.6RC1
v14.*
v14.0.0RC1
v14.0.0RC2
v14.0.0beta1
v14.0.0beta2
v14.0.0beta3
v14.0.0beta4
v3.*
v3.0
v4.*
v4.0.0
v4.0.0RC
v4.0.0RC2
v4.0.0beta
v4.0.1
v4.0.4
v4.0.5
v4.0.6
v4.5.0
v4.5.0RC1
v4.5.0RC2
v4.5.0RC3
v4.5.0beta3
v4.5.0beta4
v5.*
v5.0.0
v5.0.0RC1
v5.0.0RC2
v5.0.0RC3
v5.0.0alpha1
v5.0.0beta1
v5.0.0beta2
v6.*
v6.0.0RC1
v6.0.0RC2
v6.0.0alpha2
v6.0.0beta2
v6.0.0beta3
v6.0.0beta4
v6.0.0beta5
v7.*
v7.0.0alpha2
v7.0.0beta1
v8.*
v8.0.0
v8.0.0RC1
v8.0.0RC2
v8.0.0alpha1
v8.0.0alpha2
v8.0.0beta1
v8.0.0beta2
v8.1.0alpha1
v8.1.0alpha2
v8.1.0beta1
v8.1.0beta2
v8.1RC2
v8.2RC1
v8.2beta1
v9.*
v9.0.0beta2
v9.0beta1
v9.1.0beta1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16466.json"