Access Control Bypass in Nextcloud Server versions prior to 14.0.0, 13.0.6, and 12.0.11

Access Control Bypass in Nextcloud Server versions prior to 14.0.0, 13.0.6, and 12.0.11

CVE-2018-16466 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:N

Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens.

Learn more about our Cis Benchmark Audit For Server Software.