Man-in-the-Middle Vulnerability in Nextcloud Social Software by Nextcloud
CVE-2020-8279

7.4 HIGH

Key Information:

Vendor: Nextcloud

CVE Published: 19 November 2020

What is CVE-2020-8279?

The vulnerability in Nextcloud Social prior to version 0.4.0 arises from inadequate validation of server certificates for outgoing connections. This flaw enables attackers to perform man-in-the-middle attacks, potentially intercepting and manipulating sensitive data transmitted between the user and the server. Users of affected versions should promptly update to mitigate the risk of exploitation.

Affected Version(s)

Nextcloud Social: affected in versions < 0.4.0

Nextcloud Social: fixed in 0.4.0

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
