CVE-2020-8227

{"id": "CVE-2020-8227", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2020-08-21T21:15:11.967", "references": [{"url": "https://hackerone.com/reports/590319", "tags": ["Exploit", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-032", "tags": ["Broken Link", "Exploit", "Vendor Advisory"], "source": "support@hackerone.com"}, {"url": "https://security.gentoo.org/glsa/202009-09", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory."}, {"lang": "es", "value": "Una falta de saneamiento de una respuesta del servidor en Nextcloud Desktop Client versi\u00f3n 2.6.4 para Linux permiti\u00f3 que un Servidor de Nextcloud malicioso almacenara archivos fuera del directorio de sincronizaci\u00f3n dedicado."}], "lastModified": "2022-09-27T16:01:31.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:desktop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "032BCD9E-159A-4BB1-BCE6-0E405BA6F6C4", "versionEndExcluding": "2.6.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "support@hackerone.com"}