Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nextcloud/security-advisories.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/old/deck/nc-sa-2020-025.json
diff options
context:
space:
mode:
Diffstat (limited to 'old/deck/nc-sa-2020-025.json')
-rw-r--r--old/deck/nc-sa-2020-025.json33
1 files changed, 33 insertions, 0 deletions
diff --git a/old/deck/nc-sa-2020-025.json b/old/deck/nc-sa-2020-025.json
new file mode 100644
index 0000000..54a051f
--- /dev/null
+++ b/old/deck/nc-sa-2020-025.json
@@ -0,0 +1,33 @@
+{
+ "Title": "Missing permission check on resharing a board",
+ "Timestamp": 1586347200,
+ "Risk": 1,
+ "CVSS3": {
+ "score": 7.3,
+ "vector": "AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H"
+ },
+ "CWE": {
+ "id": 284,
+ "name": "Improper Access Control - Generic"
+ },
+ "HackerOne": 827816,
+ "Affected":[
+ {
+ "Version":"0.8.1",
+ "CVE":"CVE-2020-8182",
+ "Operator":"<"
+ }
+ ],
+ "Description":"Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves.",
+ "ActionTaken": "The error has been fixed.",
+ "Acknowledgment":[
+ {
+ "Name": "Silvia Väli",
+ "Company": "Clarified Security",
+ "Mail": "silvia@clarifiedsecurity.com",
+ "Website": "https://www.clarifiedsecurity.com/silvia-vali/",
+ "Reason": "Vulnerability discovery and disclosure."
+ }
+ ],
+ "Resolution": "It is recommended that the Nextcloud Deck is upgraded to 0.8.1."
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-20 20:30:35 +0300