CVE-2017-0936 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-0936 Interim 1 5 2023-12-08T01:40:25Z current 2021-05-30T13:50:04Z 2023-12-08T01:40:25Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-0936 Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could the error be misused to identify as another user. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could the error be misused to identify as another user. CVE-2017-0936 moderate 4.9 AV:N/AC:M/Au:S/C:N/I:P/A:P 5.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N