CVE-2020-8152

Опубликовано: 16 нояб. 2020

Источник: nvd

CVSS3: 4.4

CVSS2: 2.1

EPSS Низкий

Описание

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.

Ссылки

http://seclists.org/fulldisclosure/2020/Dec/54
Exploit
Mailing List
Third Party Advisory
https://hackerone.com/reports/743505
Exploit
Issue Tracking
Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2020-040
Broken Link
Vendor Advisory
http://seclists.org/fulldisclosure/2020/Dec/54
Exploit
Mailing List
Third Party Advisory
https://hackerone.com/reports/743505
Exploit
Issue Tracking
Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2020-040
Broken Link
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Версия до 20.0.0 (исключая)

EPSS

Процентиль: 31%

0.00114

Низкий

4.4 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-522

Связанные уязвимости

CVE-2020-8152

CVSS3: 4.4

debian

больше 4 лет назад

Insufficient protection of the server-side encryption keys in Nextclou ...

GHSA-wh9j-q6hg-x337

CVSS3: 4.4

github

около 3 лет назад

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.

EPSS

Процентиль: 31%

0.00114

Низкий

4.4 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-522