diff options
author | Joas Schilling <coding@schilljs.com> | 2020-06-08 18:28:23 +0300 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2020-06-08 18:28:23 +0300 |
commit | b3cd301ccb5af26eb8469b8e9c3adb72f510bfa4 (patch) | |
tree | 43db90ff0b21cc1fb73f16a4b20179278fcf2971 /deck | |
parent | f17b28abd786e457f5243ee3c7e978cf7f6baa67 (diff) |
Advisory for #827816
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'deck')
-rw-r--r-- | deck/nc-sa-2020-025.json | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/deck/nc-sa-2020-025.json b/deck/nc-sa-2020-025.json new file mode 100644 index 0000000..11a003f --- /dev/null +++ b/deck/nc-sa-2020-025.json @@ -0,0 +1,32 @@ +{ + "Title": "Missing permission check on resharing a board", + "Timestamp": 1586347200, + "Risk": 1, + "CVSS3": { + "score": 7.3, + "vector": "AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H" + }, + "CWE": { + "id": 284, + "name": "Improper Access Control - Generic" + }, + "HackerOne": 827816, + "Affected":[ + { + "Version":"0.8.1", + "CVE":"CVE-2020-8182", + "Operator":"<" + } + ], + "Description":"Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves.", + "ActionTaken": "The error has been fixed.", + "Acknowledgment":[ + { + "Name": "Silvia Väli", + "Mail": "silvia@clarifiedsecurity.com", + "Website": "https://www.clarifiedsecurity.com/silvia-vali/", + "Reason": "Vulnerability discovery and disclosure." + } + ], + "Resolution": "It is recommended that the Nextcloud Deck is upgraded to 0.8.1." +} |