CVE-2020-8118

Опубликовано: 04 фев. 2020

Источник: nvd

CVSS3: 5

CVSS2: 4

EPSS Низкий

Описание

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html
Release Notes
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html
Release Notes
Third Party Advisory
https://hackerone.com/reports/427835
Exploit
Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2019-014
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html
Release Notes
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html
Release Notes
Third Party Advisory
https://hackerone.com/reports/427835
Exploit
Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2019-014
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Версия до 15.0.9 (исключая)

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Версия от 16.0.0 (включая) до 16.0.2 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*

cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:-:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01317

Низкий

5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

CVE-2020-8118

CVSS3: 5

debian

больше 5 лет назад

An authenticated server-side request forgery in Nextcloud server 16.0. ...

GHSA-gwpm-3v8h-j4wh

github

около 3 лет назад