PT-2020-19987 · Nextcloud+1 · Nextcloud Server+1

Published: 2020-09-11 · Updated: 2022-09-27 · CVE-2020-8152

CVSS v3.1: 4.4 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 19.0.1
Description: The issue is related to insufficient protection of server-side encryption keys, allowing an attacker to replace the public key and potentially decrypt them later. This could lead to an elevation of privilege.
Recommendations: For Nextcloud Server version 19.0.1, update to a version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the server-side encryption keys to minimize the risk of exploitation.

Weakness Enumeration: Insufficiently Protected Credentials

Related Identifiers

ALT-PU-2020-3060
CVE-2020-8152

Affected Products

Alt Linux
Nextcloud Server