CVE-2020-8183Plaintext Storage of a Password in Server

CWE-256Plaintext Storage of a PasswordCWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 39.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nextcloud Server
Timeline
PublishedNov 2
Latest updateMay 24

Description

A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDnextcloud/nextcloud_server19.0.019.0.1+1
CVEListV5nextcloud/nextcloud_server19.0.1

🔴Vulnerability Details

2
GHSA
GHSA-jg28-fqcj-8vhj: A logic error in Nextcloud Server 192022-05-24
CVEList
CVE-2020-8183: A logic error in Nextcloud Server 192020-10-30
CVE-2020-8183 — Plaintext Storage of a Password | cvebase