CVE-2018-3761
- Source
- https://cve.org/CVERecord?id=CVE-2018-3761
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-3761.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-3761
- Published
- 2018-07-05T16:29:00.407Z
- Modified
- 2026-04-10T04:09:25.818638Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised.
- References
Affected packages
Git / github.com/nextcloud/server
Affected versions
theming-1.*
theming-1.4.5
v1.*
v1.0.0beta1
v11.*
v11.0.0
v11.0RC2
v12.*
v12.0.0
v12.0.0RC1
v12.0.0RC2
v12.0.0RC3
v12.0.0beta1
v12.0.0beta2
v12.0.0beta3
v12.0.0beta4
v12.0.1
v12.0.1RC1
v12.0.1RC2
v12.0.1RC3
v12.0.1RC4
v12.0.1RC5
v12.0.3
v12.0.3RC1
v12.0.3RC2
v12.0.4
v12.0.4RC1
v12.0.4RC2
v12.0.4RC3
v12.0.5
v12.0.5RC1
v12.0.5RC2
v12.0.5RC3
v12.0.6
v12.0.6RC1
v12.0.7
v12.0.7RC1
v12.0.8RC1
v13.*
v13.0.0
v13.0.1
v13.0.1RC1
v13.0.2
v13.0.2RC1
v13.0.3RC1
v13.0.3RC2
v3.*
v3.0
v4.*
v4.0.0
v4.0.0RC
v4.0.0RC2
v4.0.0beta
v4.0.1
v4.0.4
v4.0.5
v4.0.6
v4.5.0
v4.5.0RC1
v4.5.0RC2
v4.5.0RC3
v4.5.0beta3
v4.5.0beta4
v5.*
v5.0.0
v5.0.0RC1
v5.0.0RC2
v5.0.0RC3
v5.0.0alpha1
v5.0.0beta1
v5.0.0beta2
v6.*
v6.0.0RC1
v6.0.0RC2
v6.0.0alpha2
v6.0.0beta2
v6.0.0beta3
v6.0.0beta4
v6.0.0beta5
v7.*
v7.0.0alpha2
v7.0.0beta1
v8.*
v8.0.0
v8.0.0RC1
v8.0.0RC2
v8.0.0alpha1
v8.0.0alpha2
v8.0.0beta1
v8.0.0beta2
v8.1.0alpha1
v8.1.0alpha2
v8.1.0beta1
v8.1.0beta2
v8.1RC2
v8.2RC1
v8.2beta1
v9.*
v9.0.0beta2
v9.0beta1
v9.1.0beta1