Multiple vulnerabilities in Nextcloud Desktop client



Published: 2020-08-27
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2020-8189
CVE-2020-8227
CWE-ID CWE-79
CWE-22
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		desktop
Other software / Other software solutions

Vendor Nextcloud

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Cross-site scripting

EUVDB-ID: #VU46083

Risk: Low

CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8189

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.

Mitigation

Install update from vendor's website.

Vulnerable software versions

desktop: 2.0.0 - 2.6.4

External links

http://hackerone.com/reports/685552
http://nextcloud.com/security/advisory/?id=NC-SA-2020-027


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Path traversal

EUVDB-ID: #VU46082

Risk: Medium

CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8227

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote privileged user to execute arbitrary code.

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

desktop: 2.0.0 - 2.6.4

External links

http://hackerone.com/reports/590319
http://nextcloud.com/security/advisory/?id=NC-SA-2020-032


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###