{"id":"CVE-2018-3776","details":"Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log.","modified":"2026-04-10T04:09:26.659493Z","published":"2018-08-12T22:29:00.627Z","references":[{"type":"ADVISORY","url":"https://nextcloud.com/security/advisory/?id=NC-SA-2018-006"},{"type":"ADVISORY","url":"https://hackerone.com/reports/232347"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nextcloud/server","events":[{"introduced":"ed7b18799f7d57ab9346e224b4dcea0961c9537f"},{"fixed":"f637a1a2281c47a46912e5ecf3d7418ea4a682bb"},{"introduced":"98e26f8b5c8b238e7f3556e900c524ce78bde95a"},{"fixed":"343a69569db0aec48bc99fd3b23da08a7791d82b"}],"database_specific":{"versions":[{"introduced":"11.0.0"},{"fixed":"11.0.5"},{"introduced":"12.0.0"},{"fixed":"12.0.3"}]}}],"versions":["v11.0.0","v11.0.1","v11.0.1RC1","v11.0.2","v11.0.2RC1","v11.0.3","v11.0.3RC1","v11.0.3RC2","v11.0.4","v11.0.4RC1","v11.0.5RC1","v12.0.0","v12.0.1","v12.0.1RC1","v12.0.1RC2","v12.0.1RC3","v12.0.1RC4","v12.0.1RC5","v12.0.3RC1","v12.0.3RC2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-3776.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}