Code Injection Vulnerability in Nextcloud Desktop Client by Nextcloud
CVE-2020-8224

7.8HIGH

Key Information:

Vendor

Nextcloud
Status
Desktop Client
Vendor
CVE Published:
10 August 2020

What is CVE-2020-8224?

A code injection vulnerability exists in Nextcloud Desktop Client 2.6.4 that can be exploited to execute arbitrary code. This occurs when a malicious OpenSSL configuration file is placed in a designated directory, allowing an attacker to leverage the vulnerability to run unauthorized commands. Proper security measures should be adopted to mitigate the risk associated with this flaw.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Desktop Client Fixed in 2.6.5

References

https://hackerone.com/reports/622170
x_refsource_MISC
https://nextcloud.com/security/advisory/?id=NC-SA-2020-030
x_refsource_MISC
https://security.gentoo.org/glsa/202009-09
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.