CVE-2020-8173

Severity CVSS v4.0:
Pending analysis
Type:
CWE-311 Missing Encryption of Sensitive Data
Publication date:
02/11/2020
Last modified:
27/09/2022

Description

A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:* 17.0.7 (excluding)
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:* 18.0.0 (including) 18.0.5 (excluding)