CVE-2020-8138

A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL.
References
Link Resource
https://nextcloud.com/security/advisory/?id=NC-SA-2020-014 Third Party Advisory
https://hackerone.com/reports/736867 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Information

Published : 2020-03-20 14:15

Updated : 2020-03-25 11:38


NVD link : CVE-2020-8138

Mitre link : CVE-2020-8138


JSON object : View

CWE
CWE-918

Server-Side Request Forgery (SSRF)

Advertisement

dedicated server usa

Products Affected

nextcloud

  • nextcloud_server