← Back

CVE-2020-8118

nvd nist
Published: Feb 4, 2020Modified: Nov 21, 2024

JSON object

Loading...
5.0
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Exploitability: 3.1 / Impact: 1.4
Source: NVD

Description

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.

Affected (4)

Nextcloud
1 product
Nextcloud Server
Novell
1 product
Suse Linux Enterprise Server
Opensuse
1 product
Backports Sle
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Nextcloud
Nextcloud Server
Before 15.0.9
Nextcloud Server
From 16.0.0 to 16.0.2
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Suse Linux Enterprise Server
Version 12.0
Backports Sle
Version 15.0 sp1

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (8)

Source: support@hackerone.com
Release NotesThird Party Advisory
Source: support@hackerone.com
Release NotesThird Party Advisory
Source: support@hackerone.com
ExploitThird Party Advisory
Source: support@hackerone.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.