CVE-2020-8152

MEDIUM

Nextcloud Server 19.0.1 - Info Disclosure

Title source: llm

Description

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.

References (3)

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2020/Dec/54

[Exploit, Issue Tracking, Third Party Advisory] https://hackerone.com/reports/743505

[Broken Link, Vendor Advisory] https://nextcloud.com/security/advisory/?id=NC-SA-2020-040

Scores

CVSS v3 4.4

EPSS 0.0004

EPSS Percentile 11.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-522

Status published

Affected Products (1)

nextcloud/nextcloud_server < 20.0.0

Timeline

Published Nov 16, 2020

Tracked Since Feb 18, 2026