CVE-2020-8152

EUVD-2020-29045
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Affected Products (NVD)
VendorProductVersion
nextcloudnextcloud_server
𝑥
< 20.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2020/Dec/54
https://hackerone.com/reports/743505
https://nextcloud.com/security/advisory/?id=NC-SA-2020-040
http://seclists.org/fulldisclosure/2020/Dec/54
https://hackerone.com/reports/743505
https://nextcloud.com/security/advisory/?id=NC-SA-2020-040