Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 670010 (CVE-2018-16467)

Summary: <www-apps/nextcloud-14.0.0: password protection bypass on certain shared file types (CVE-2018-16467)
Product: Gentoo Security Reporter: Michael Boyle <boylemic>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: trivial CC: voyageur, web-apps
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~4 [noglsa cve]
Package list:
Runtime testing required: ---

Description Michael Boyle 2018-10-31 02:04:40 UTC
A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares.
Comment 1 Michael Boyle 2018-10-31 12:10:36 UTC
@maintainer(s), the fix is in 14.0.0-14.0.3. We can clean the previous versions.

Michael Boyle
Gentoo Security Padawan
Comment 2 Bernard Cafarelli gentoo-dev 2018-11-05 07:35:07 UTC
OK there was a round of advisories, like also affecting 12.x and 13.x

I cleaned all previous versions (except last releases):