{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "12.0.8" }, { "introduced": "13.0.0" }, { "fixed": "13.0.3" }, { "introduced": "0" }, { "last_affected": "14.0.0-beta1" }, { "introduced": "0" }, { "last_affected": "14.0.0-beta2" }, { "introduced": "0" }, { "last_affected": "14.0.0-beta3" }, { "introduced": "0" }, { "last_affected": "14.0.0-beta4" }, { "introduced": "0" }, { "last_affected": "14.0.0-rc1" }, { "introduced": "0" }, { "last_affected": "14.0.0-rc2" } ] }, "events": [ { "introduced": "0" }, { "fixed": "42d3169e276bda2e2c41849fcc8a6f683719b323" }, { "introduced": "3b4285e13f6b1ec074b98466f49e189101f090bc" }, { "fixed": "8a0093d9cada749aa0182b1c2248b42e0ea47f0b" }, { "introduced": "0" }, { "last_affected": "adcc061166ab86bd39b004bd85847320fdd2d525" }, { "introduced": "0" }, { "last_affected": "9891eae232d77391699d3be908ed03426779d4d2" }, { "introduced": "0" }, { "last_affected": "def2bf2086b00b5bb00b362a5a50840fdf8b4cc0" }, { "introduced": "0" }, { "last_affected": "bdead84ec68001377e599230e86c3ea18d277a13" }, { "introduced": "0" }, { "last_affected": "9823c7197150e4134490c043c2e2e53733eae783" }, { "introduced": "0" }, { "last_affected": "c31632ccdf5c9a76499ad36b40c8cf52c1602754" } ], "repo": "https://github.com/nextcloud/server", "type": "GIT" } ] } ], "details": "A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.", "id": "CVE-2018-16463", "modified": "2026-03-13T21:49:15.905254493Z", "published": "2018-10-30T21:29:00.510Z", "references": [ { "type": "ADVISORY", "url": "https://hackerone.com/reports/237184" }, { "type": "ADVISORY", "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-013" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N", "type": "CVSS_V3" } ] }