CVE-2020-8227

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
21/08/2020
Last modified:
27/09/2022

Description

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:nextcloud:desktop:*:*:*:*:*:*:*:* 2.6.5 (excluding)
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*