CVE-2020-8122

Published: Feb 4, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received.

Affected (4)

Products: Nextcloud: Nextcloud Server

1 product

Nextcloud Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Nextcloud Nextcloud Server	Before 12.0.13
Nextcloud Nextcloud Server	From 13.0.0 to 13.0.8
Nextcloud Nextcloud Server	From 14.0.0 to 14.0.4
Nextcloud Nextcloud Server	From 14.0.5 to 15.0.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

https://hackerone.com/reports/447494

Source: support@hackerone.com

ExploitThird Party Advisory

https://nextcloud.com/security/advisory/?id=NC-SA-2019-002

Source: support@hackerone.com

Vendor Advisory

https://hackerone.com/reports/447494

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://nextcloud.com/security/advisory/?id=NC-SA-2019-002

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.