4.1

CVE-2020-8150

Exploit
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NextcloudNextcloud Server Version < 19.0.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.1 0.5 3.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:N/I:P/A:N
CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

http://seclists.org/fulldisclosure/2020/Dec/55
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2020/Dec/57
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2020/Dec/58
Third Party Advisory
Mailing List
https://hackerone.com/reports/742588
Third Party Advisory
Exploit