CVE-2020-8173

A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.2 LOW
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
hackeroneCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
nextcloudnextcloud_server
𝑥
< 17.0.7
nextcloudnextcloud_server
18.0.0 ≤
𝑥
< 18.0.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://hackerone.com/reports/852841
https://nextcloud.com/security/advisory/?id=NC-SA-2020-023
https://hackerone.com/reports/852841
https://nextcloud.com/security/advisory/?id=NC-SA-2020-023