CVE-2020-8150
Description
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.
References
ExploitThird Party Advisory
Vendor Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
CvssV3 impact
BaseSeverity | MEDIUM |
ConfidentialityImpact | NONE |
AttackComplexity | HIGH |
Scope | UNCHANGED |
AttackVector | LOCAL |
AvailabilityImpact | NONE |
IntegrityImpact | HIGH |
PrivilegesRequired | HIGH |
BaseScore | 4.1 |
VectorString | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N |
Version | 3.1 |
UserInteraction | NONE |
CvssV2 impact
AccessComplexity | MEDIUM |
ConfidentialityImpact | NONE |
AvailabilityImpact | NONE |
IntegrityImpact | PARTIAL |
BaseScore | 1.9 |
VectorString | AV:L/AC:M/Au:N/C:N/I:P/A:N |
Version | 2.0 |
AccessVector | LOCAL |
Authentication | NONE |