CVE-2020-8227

Опубликовано: 21 авг. 2020

Источник: nvd

CVSS3: 6.8

CVSS2: 7.1

EPSS Низкий

Описание

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.

Ссылки

https://hackerone.com/reports/590319
Exploit
Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2020-032
Broken Link
Exploit
Vendor Advisory
https://security.gentoo.org/glsa/202009-09
Third Party Advisory
https://hackerone.com/reports/590319
Exploit
Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2020-032
Broken Link
Exploit
Vendor Advisory
https://security.gentoo.org/glsa/202009-09
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:nextcloud:desktop:*:*:*:*:*:*:*:*

Версия до 2.6.5 (исключая)

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04677

Низкий

6.8 Medium

CVSS3

7.1 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVE-2020-8227

CVSS3: 6.8

ubuntu

больше 5 лет назад

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.

CVE-2020-8227

CVSS3: 6.8

debian

больше 5 лет назад

Missing sanitization of a server response in Nextcloud Desktop Client ...

GHSA-64gg-6m36-39px

CVSS3: 6.8

github

больше 3 лет назад

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.

EPSS

Процентиль: 89%

0.04677

Низкий

6.8 Medium

CVSS3

7.1 High

CVSS2

Дефекты

CWE-22