Bug ID 1175663
Summary VUL-0: CVE-2020-8227: nextcloud-desktop: missing sanitization of a server response
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.2
Hardware Other
URL https://smash.suse.de/issue/265820/
OS Other
Status NEW
Severity Minor
Priority P5 - None
Component Basesystem
Assignee screening-team-bugs@suse.de
Reporter abergmann@suse.com
QA Contact security-team@suse.de
Found By Security Response Team
Blocker ---

CVE-2020-8227

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for
Linux allowed a malicious Nextcloud Server to store files outside of the
dedicated sync directory.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8227
https://hackerone.com/reports/590319
https://nextcloud.com/security/advisory/?id=NC-SA-2020-032


You are receiving this mail because: