Auth bypass in Nextcloud Server

CVE-2018-3761

Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised.

Vulnerability class: Broken Authentication

EPSS: 0.006 (69.7th percentile) — read the EPSS interpretation.

Affected products

Nextcloud Server — versions <13.0.3, <12.0.8

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

hackerone.com/reports/343111 (x_refsource_MISC)
nextcloud.com/security/advisory/ (x_refsource_CONFIRM)