PT-2020-19989 · Nextcloud+2 · Nextcloud Server+2

Published

2020-05-12

Updated

2020-10-19

CVE-2020-8154

CVSS v3.1

7.7

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Nextcloud Server version 18.0.2

Description An issue in Nextcloud Server allowed an attacker to remotely wipe devices of other users by sending a malicious request directly to an endpoint.

Recommendations For Nextcloud Server version 18.0.2, update to a version that contains a fix for this issue to prevent remote wipe attacks.

Exploit

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

ALT-PU-2020-3060

CVE-2020-8154

OPENSUSE-SU-2020:0667-1

OPENSUSE-SU-2020:0668-1

OPENSUSE-SU-2020:0670-1

OPENSUSE-SU-2020:1652-1

OPENSUSE-SU-2020_0670-1

OPENSUSE-SU-2020_1652-1

OPENSUSE-SU-2024:11087-1

Affected Products

Alt Linux

Nextcloud Server

Suse

PT-2020-19989 · Nextcloud+2 · Nextcloud Server+2

CVE-2020-8154

Weakness Enumeration

Related Identifiers

Affected Products

References · 26