CVE-2020-8223Improper Privilege Management in Server

CWE-269Improper Privilege Management3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 65.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud ServerFedoraproject Fedora
Timeline
PublishedOct 5
Latest updateMay 24

Description

A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5nextcloud/nextcloud_serverFixed in 19.0.1

Also affects: Fedora 32, 33

🔴Vulnerability Details

2
GHSA
GHSA-wp2j-2549-fwhp: A logic error in Nextcloud Server 192022-05-24
CVEList
CVE-2020-8223: A logic error in Nextcloud Server 192020-10-05
CVE-2020-8223 — Improper Privilege Management in Server | cvebase