New subject: [Bug 1177346] VUL-0: CVE-2020-8223: nextcloud: privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves

6 Oct 2020

      http://bugzilla.opensuse.org/show_bug.cgi?id=1177346

            Bug ID: 1177346
           Summary: VUL-0: CVE-2020-8223: privilege escalation allowing
                    malicious users to reshare with higher permissions
                    than they got assigned themselves
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.2
          Hardware: Other
               URL: https://smash.suse.de/issue/268781/
                OS: Other
            Status: NEW
          Severity: Minor
          Priority: P5 - None
         Component: Security
          Assignee: ecsos@schirra.net
          Reporter: wolfgang.frisch@suse.com
        QA Contact: security-team@suse.de
          Found By: Security Response Team
           Blocker: ---

CVE-2020-8223

A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing
malicious users to reshare with higher permissions than they got assigned
themselves.

References:
https://nextcloud.com/security/advisory/?id=NC-SA-2020-029
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8223
https://hackerone.com/reports/889243

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 1177346] New: VUL-0: CVE-2020-8223: privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves

bugzilla_noreply＠suse.com

bugzilla_noreply＠suse.com

bugzilla_noreply＠suse.com

bugzilla_noreply＠suse.com

bugzilla_noreply＠suse.com

tags

participants (1)