Multiple vulnerabilities in Nextcloud Desktop Client
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2020-8224 CVE-2020-8230 CVE-2020-8229 CVE-2020-8225 |
| CWE-ID | CWE-94 CWE-693 CWE-401 CWE-312 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
desktop Other software / Other software solutions |
| Vendor | Nextcloud |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Code Injection
EUVDB-ID: #VU46714
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8224
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when processing OpenSSL configuration file. A remote user can upload a malicious OpenSSL config file into a fixed directory and execute arbitrary code on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versionsdesktop: 2.6.0 - 2.6.4
External linkshttp://hackerone.com/reports/622170
http://nextcloud.com/security/advisory/?id=NC-SA-2020-030
http://security.gentoo.org/glsa/202009-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Protection mechanism failure
EUVDB-ID: #VU46717
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8230
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
DescriptionThe vulnerability allows an attacker to leverage absence of security measures.
The vulnerability exists due to application does not implement ASLR and DEP protection mechanisms. A remote attacker can leverage from absence of such feature to facilitate exploitation of other vulnerabilities in the application.
Install updates from vendor's website.
Vulnerable software versionsdesktop: 2.6.0 - 2.6.4
External linkshttp://hackerone.com/reports/380102
http://nextcloud.com/security/advisory/?id=NC-SA-2020-035
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory leak
EUVDB-ID: #VU46718
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8229
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the OCUtil.dll library used by Nextcloud Desktop Client. A local user can perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsdesktop: 2.6.0 - 2.6.4
External linkshttp://hackerone.com/reports/588562
http://nextcloud.com/security/advisory/?id=NC-SA-2020-034
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Cleartext storage of sensitive information
EUVDB-ID: #VU52064
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8225
CWE-ID:
CWE-312 - Cleartext Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to software stores in clear text information about used proxies and their authentication credentials. A local user can read the log files and gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsdesktop: 2.6.0 - 2.6.4
External linkshttp://hackerone.com/reports/685990
http://nextcloud.com/security/advisory/?id=NC-SA-2020-031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
