CVE-2020-8152

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.4 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
hackeroneCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
nextcloudnextcloud_server
𝑥
< 20.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2020/Dec/54
https://hackerone.com/reports/743505
https://nextcloud.com/security/advisory/?id=NC-SA-2020-040
http://seclists.org/fulldisclosure/2020/Dec/54
https://hackerone.com/reports/743505
https://nextcloud.com/security/advisory/?id=NC-SA-2020-040