Information Exposure Affecting nextcloud package, versions [,13.0.9)[14.0.0,14.0.5)[14.0.6,15.0.0)


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Not Defined
EPSS
0.12% (48th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-NEXTCLOUD-2371467
  • published26 Jan 2022
  • disclosed4 Feb 2020
  • creditUnknown

Introduced: 4 Feb 2020

CVE-2020-8121  (opens in a new tab)
CWE-668  (opens in a new tab)

How to fix?

Upgrade nextcloud to version 13.0.9, 14.0.5, 15.0.0 or higher.

Overview

Affected versions of this package are vulnerable to Information Exposure. A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.

References

CVSS Scores

version 3.1