CVE-2020-8153

CWE-284Improper Access ControlCWE-732Incorrect Permission Assignment6 documents4 sources
Severity
8.1HIGH
EPSS
0.4%
top 41.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Group FoldersFedoraproject Fedora
Timeline
PublishedMay 12
Latest updateMay 24

Description

Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5nextcloud_groupfolders4.0.4

Also affects: Fedora 32

🔴Vulnerability Details

2
GHSA
GHSA-4mxw-7xgq-cm5c: Improper access control in Groupfolders app 42022-05-24
CVEList
CVE-2020-8153: Improper access control in Groupfolders app 42020-05-12

💬Community

3
Bugzilla
CVE-2020-8153 CVE-2020-8154 CVE-2020-8155 CVE-2020-8156 nextcloud: multiple vulnerabilities2020-05-20
Bugzilla
CVE-2020-8153 CVE-2020-8154 CVE-2020-8155 CVE-2020-8156 nextcloud: multiple vulnerabilities [fedora-all]2020-05-20
Bugzilla
CVE-2020-8153 CVE-2020-8154 CVE-2020-8155 CVE-2020-8156 nextcloud: multiple vulnerabilities [epel-7]2020-05-20
CVE-2020-8153 (HIGH CVSS 8.1) | Improper access control in Groupfol | cvebase.io