CVE-2020-8133Violation of Secure Design Principles in Server

CWE-657Violation of Secure Design PrinciplesCWE-347Improper Verification of Cryptographic Signature3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 61.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nextcloud Server
Timeline
PublishedNov 9
Latest updateMay 24

Description

A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5nextcloud/nextcloud_server19.0.2

🔴Vulnerability Details

2
GHSA
GHSA-92hg-jjmr-6gv2: A wrong generation of the passphrase for the encrypted block in Nextcloud Server 192022-05-24
CVEList
CVE-2020-8133: A wrong generation of the passphrase for the encrypted block in Nextcloud Server 192020-11-09
CVE-2020-8133 — Violation of Secure Design Principles | cvebase