exploitDog

CVE-2020-8296

Опубликовано: 03 мар. 2021

Источник: nvd

CVSS3: 6.7

CVSS2: 4.6

EPSS Низкий

Описание

Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured.

Ссылки

https://github.com/nextcloud/server/issues/17439
Exploit
Third Party Advisory
https://github.com/nextcloud/server/pull/21037
Patch
Third Party Advisory
https://hackerone.com/reports/867164
Exploit
Issue Tracking
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6BO6P6MP2MOWA6PZRXX32PLWPXN5O4S/
https://nextcloud.com/security/advisory/?id=NC-SA-2021-006
Vendor Advisory
https://github.com/nextcloud/server/issues/17439
Exploit
Third Party Advisory
https://github.com/nextcloud/server/pull/21037
Patch
Third Party Advisory
https://hackerone.com/reports/867164
Exploit
Issue Tracking
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6BO6P6MP2MOWA6PZRXX32PLWPXN5O4S/
https://nextcloud.com/security/advisory/?id=NC-SA-2021-006
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Версия до 20.0.0 (исключая)

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00116

Низкий

6.7 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-257

CWE-521

Связанные уязвимости

CVE-2020-8296

CVSS3: 6.7

debian

больше 4 лет назад

Nextcloud Server prior to 20.0.0 stores passwords in a recoverable for ...

GHSA-6m9p-3vwc-4p47

github

около 3 лет назад

Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured.

EPSS

Процентиль: 31%

0.00116

Низкий

6.7 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-257

CWE-521