CVE-2020-8117

Published: Feb 4, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.

Affected (3)

Products: Nextcloud: Nextcloud Server

1 product

Nextcloud Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Nextcloud Nextcloud Server	Before 12.0.13
Nextcloud Nextcloud Server	From 13.0.0 to 13.0.8
Nextcloud Nextcloud Server	From 14.0.0 to 14.0.4

Related CWEs

Improper Handling of Insufficient Permissions or Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (4)

https://hackerone.com/reports/439828

Source: support@hackerone.com

Permissions Required

https://nextcloud.com/security/advisory/?id=NC-SA-2020-013

Source: support@hackerone.com

Vendor Advisory

https://hackerone.com/reports/439828

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://nextcloud.com/security/advisory/?id=NC-SA-2020-013

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.