CVE-2020-8236

A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it.

CVSS v3 6.8 MEDIUM
CVSS v2.0 4.6 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://hackerone.com/reports/924393	Exploit Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2020-037	Broken Link Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

History

27 Sep 2022, 15:47

Type	Values Removed	Values Added
CPE	cpe:2.3:a:nextcloud:nextcloud::::::::	cpe:2.3:a:nextcloud:nextcloud_server::::::::
References	~~(MISC) https://nextcloud.com/security/advisory/?id=NC-SA-2020-037 - Vendor Advisory~~	(MISC) https://nextcloud.com/security/advisory/?id=NC-SA-2020-037 - Broken Link, Vendor Advisory
First Time		Nextcloud nextcloud Server

Information

Published : 2020-11-02 21:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-8236

Mitre link : CVE-2020-8236

CVE.ORG link : CVE-2020-8236

JSON object : View

Products Affected

nextcloud

nextcloud_server

CWE

CWE-287

Improper Authentication

{"id": "CVE-2020-8236", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2020-11-02T21:15:34.867", "references": [{"url": "https://hackerone.com/reports/924393", "tags": ["Exploit", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-037", "tags": ["Broken Link", "Vendor Advisory"], "source": "support@hackerone.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it."}, {"lang": "es", "value": "Una configuraci\u00f3n incorrecta en Nextcloud Server versi\u00f3n 19.0.1, hizo que el usuario sintiera incorrectamente que WebAuthn sin contrase\u00f1a tambi\u00e9n era una verificaci\u00f3n de dos factores al solicitar el PIN de WebAuthn sin contrase\u00f1a pero sin verificarlo"}], "lastModified": "2022-09-27T15:47:26.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC2E71AB-4078-49DD-B276-7CC5990A792B", "versionEndExcluding": "19.0.2"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}