CVE-2020-8150Missing Encryption of Sensitive Data in Server

CWE-310CWE-311Missing Encryption of Sensitive Data3 documents3 sources
Severity
4.1MEDIUMNVD
EPSS
0.0%
top 89.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nextcloud Server
Timeline
PublishedNov 9
Latest updateMay 24

Description

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 0.5 | Impact: 3.6

Affected Packages2 packages

CVEListV5nextcloud/nextcloud_server19.0.2

🔴Vulnerability Details

2
GHSA
GHSA-2q3r-568x-rqmv: A cryptographic issue in Nextcloud Server 192022-05-24
CVEList
CVE-2020-8150: A cryptographic issue in Nextcloud Server 192020-11-09
CVE-2020-8150 — Missing Encryption of Sensitive Data | cvebase