3.5

CVE-2020-8173

Exploit
A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NextcloudNextcloud Server Version < 17.0.7
NextcloudNextcloud Server Version >= 18.0.0 < 18.0.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.37% 0.281
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.2 0.7 1.4
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:P/I:N/A:N
CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

https://hackerone.com/reports/852841
Third Party Advisory
Exploit
https://nextcloud.com/security/advisory/?id=NC-SA-2020-023
Vendor Advisory
Broken Link