Vulnerability in Nextcloud Server

CVE-2020-8133

A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file.

EPSS: 0.002 (37.9th percentile) — read the EPSS interpretation.

Affected products

N/a Nextcloud Server — versions 19.0.2

Weakness classification (CWE)

CWE-657

References

hackerone.com/reports/661051, (x_refsource_MISC)
nextcloud.com/security/advisory/ (x_refsource_MISC)