CVE-2018-3761 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-3761 Interim 1 8 2023-12-09T00:55:15Z current 2021-05-30T14:08:16Z 2023-12-09T00:55:15Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-3761 Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSHDIDRMLM7RS77R7KSNDMLMB2B2ZALH/#RSHDIDRMLM7RS77R7KSNDMLMB2B2ZALH E-Mail link for openSUSE-SU-2018:1924-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 nextcloud-13.0.4-lp150.2.3.1 nextcloud-13.0.4-lp150.2.3.1 as a component of openSUSE Leap 15.0 Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised. CVE-2018-3761 openSUSE Leap 15.0:nextcloud-13.0.4-lp150.2.3.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N