CVE-2018-3761

CVE-2018-3761

Vendor Nextcloud
Product Nextcloud Server
Weakness CWE-287 · Improper authentication
Published July 5, 2018
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised.

Key dates

02Disclosure timeline

July 5, 2018 CVE published
August 5, 2024 Record updated