4.1

CVE-2020-8150

Exploit

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.

Data is provided by the National Vulnerability Database (NVD)
NextcloudNextcloud Server Version < 19.0.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.095
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.1 0.5 3.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:N/I:P/A:N
CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

http://seclists.org/fulldisclosure/2020/Dec/55
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2020/Dec/57
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2020/Dec/58
Third Party Advisory
Mailing List
https://hackerone.com/reports/742588
Third Party Advisory
Exploit