Auth bypass in Nextcloud Server

CVE-2017-0936

Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.001 (34.5th percentile)
