CVE-2020-8150

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.1 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
hackeroneCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
VendorProductVersion
nextcloudnextcloud_server
𝑥
< 19.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2020/Dec/55
http://seclists.org/fulldisclosure/2020/Dec/57
http://seclists.org/fulldisclosure/2020/Dec/58
https://hackerone.com/reports/742588
https://nextcloud.com/security/advisory/?id=NC-SA-2020-039
http://seclists.org/fulldisclosure/2020/Dec/55
http://seclists.org/fulldisclosure/2020/Dec/57
http://seclists.org/fulldisclosure/2020/Dec/58
https://hackerone.com/reports/742588
https://nextcloud.com/security/advisory/?id=NC-SA-2020-039