CVE-2020-8156Improper Certificate Validation in Mail

CWE-295Improper Certificate Validation6 documents4 sources
Severity
7.0HIGHNVD
EPSS
0.5%
top 32.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud MailFedoraproject Fedora
Timeline
PublishedMay 12
Latest updateMay 24

Description

A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:LExploitability: 2.2 | Impact: 4.7

Affected Packages1 packages

NVDnextcloud/mail< 1.1.4

Also affects: Fedora 32

🔴Vulnerability Details

2
GHSA
GHSA-fgvj-4m6x-j67f: A missing verification of the TLS host in Nextcloud Mail 12022-05-24
CVEList
CVE-2020-8156: A missing verification of the TLS host in Nextcloud Mail 12020-05-12

💬Community

3
Bugzilla
CVE-2020-8153 CVE-2020-8154 CVE-2020-8155 CVE-2020-8156 nextcloud: multiple vulnerabilities2020-05-20
Bugzilla
CVE-2020-8153 CVE-2020-8154 CVE-2020-8155 CVE-2020-8156 nextcloud: multiple vulnerabilities [fedora-all]2020-05-20
Bugzilla
CVE-2020-8153 CVE-2020-8154 CVE-2020-8155 CVE-2020-8156 nextcloud: multiple vulnerabilities [epel-7]2020-05-20
CVE-2020-8156 — Improper Certificate Validation in Mail | cvebase