CVE-2020-8227

Опубликовано: 21 авг. 2020

Источник: debian

EPSS Низкий

Описание

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
nextcloud-desktop	fixed	3.0.1-1		package
nextcloud-desktop	no-dsa		buster	package

Примечания

https://nextcloud.com/security/advisory/?id=NC-SA-2020-032
https://hackerone.com/reports/685552

EPSS

Процентиль: 89%

0.04677

Низкий

Связанные уязвимости

CVE-2020-8227

CVSS3: 6.8

ubuntu

больше 5 лет назад

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.

CVE-2020-8227

CVSS3: 6.8

nvd

больше 5 лет назад

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.

GHSA-64gg-6m36-39px

CVSS3: 6.8

github

больше 3 лет назад

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.

EPSS

Процентиль: 89%

0.04677

Низкий