Privilege Escalation Vulnerability in Nextcloud Server by Nextcloud
CVE-2020-8223

6.5MEDIUM

Key Information:

Vendor

Nextcloud
Status
Nextcloud Server
Vendor
CVE Published:
5 October 2020

What is CVE-2020-8223?

A logic error in Nextcloud Server 19.0.0 allows unauthorized users to reshare files with elevated permissions, beyond what they were assigned. This flaw could be exploited by malicious actors to gain inappropriate access to shared content, posing significant security risks to user data and overall system integrity. Users should be aware of this vulnerability and ensure that their instances of Nextcloud are appropriately updated and secured to prevent unauthorized access.

Affected Version(s)

Nextcloud Server Fixed in 19.0.1

References

https://hackerone.com/reports/889243
x_refsource_MISC
https://nextcloud.com/security/advisory/?id=NC-SA-2020-029
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.