Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 670010 (CVE-2018-16467) - <www-apps/nextcloud-14.0.0: password protection bypass on certain shared file types (CVE-2018-16467)
Summary: <www-apps/nextcloud-14.0.0: password protection bypass on certain shared file...
Alias: CVE-2018-16467
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~4 [noglsa cve]
Depends on:
Reported: 2018-10-31 02:04 UTC by Michael Boyle
Modified: 2018-11-23 21:10 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Michael Boyle 2018-10-31 02:04:40 UTC
A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares.
Comment 1 Michael Boyle 2018-10-31 12:10:36 UTC
@maintainer(s), the fix is in 14.0.0-14.0.3. We can clean the previous versions.

Michael Boyle
Gentoo Security Padawan
Comment 2 Bernard Cafarelli gentoo-dev 2018-11-05 07:35:07 UTC
OK there was a round of advisories, like also affecting 12.x and 13.x

I cleaned all previous versions (except last releases):