CVE-2018-3776
Publication date 12 August 2018
Last updated 25 August 2025
Ubuntu priority
Description
Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| owncloud | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.3 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |