PT-2020-19959 · Nextcloud+1 · Nextcloud Server+1

Published

2018-12-05

Updated

2020-02-11

CVE-2020-8122

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Server version 14.0.3

Description A missing check in the software could allow a recipient to extend the expiration date of a shared item they received.

Recommendations For Nextcloud Server version 14.0.3, update to a version that includes the fix for this issue to prevent recipients from extending the expiration date of shared items.

Exploit

Fix

Improper Access Control

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-20

Related Identifiers

ALT-PU-2018-2775

CVE-2020-8122

Affected Products

Alt Linux

Nextcloud Server

PT-2020-19959 · Nextcloud+1 · Nextcloud Server+1

CVE-2020-8122

Weakness Enumeration

Related Identifiers

Affected Products

References · 4