diff options
Diffstat (limited to 'old/server/nc-sa-2020-039.json')
-rw-r--r-- | old/server/nc-sa-2020-039.json | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/old/server/nc-sa-2020-039.json b/old/server/nc-sa-2020-039.json new file mode 100644 index 0000000..7d29f4a --- /dev/null +++ b/old/server/nc-sa-2020-039.json @@ -0,0 +1,33 @@ +{ + "Title": "Downgrade encryption scheme and break integrity through known-plaintext attack", + "Timestamp": 1598400000, + "Risk": 1, + "CVSS3": { + "score": 5.3, + "vector": "AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N" + }, + "CWE": { + "id": 310, + "name": "Cryptographic Issues - Generic" + }, + "HackerOne": 742588, + "Affected":[ + { + "Version":"19.0.2", + "CVE":"CVE-2020-8150", + "Operator":"<" + } + ], + "Description":"A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.", + "ActionTaken": "The error has been fixed.", + "Acknowledgment":[ + { + "Name": "Kevin \"Kenny\" Niehage", + "Mail": "kenny@syseleven.de", + "Company": "SysEleven GmbH", + "Website": "https://www.syseleven.de/", + "Reason": "Vulnerability discovery and disclosure." + } + ], + "Resolution": "It is recommended that the Nextcloud Server is upgraded to 19.0.2." +} |