Cryptographic Vulnerability in Nextcloud Server 19.0.1 Allows Downgrade Attack
CVE-2020-8150

4.1MEDIUM

Key Information:

Vendor

Nextcloud
Status
Nextcloud Server
Vendor
CVE Published:
9 November 2020

What is CVE-2020-8150?

A cryptographic flaw in Nextcloud Server version 19.0.1 allows attackers to downgrade the encryption scheme utilized, compromising the integrity of encrypted files. This vulnerability puts sensitive data at risk, enabling potential unauthorized access and manipulation. It is crucial for users to apply the latest security updates to mitigate this risk.

Affected Version(s)

Nextcloud Server 19.0.2

References

https://hackerone.com/reports/742588
x_refsource_MISC
https://nextcloud.com/security/advisory/?id=NC-SA-2020-039
x_refsource_MISC
http://seclists.org/fulldisclosure/2020/Dec/55
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
4.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.