VDB
CVE-2020-8225
CVE-2020-8225
PUBLISHED
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
EPSS 0.56% · 68.8th percentile
Risk Scores
EPSS Score
0.56%
68.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | nextcloud-desktop | 0, 2.5.3-1, 2.6.1-1 |
Exploit Intelligence
- Clear text storage of proxy parameters and passwords (hackerone)
- Clear text storage of proxy parameters and passwords (hackerone)
- Clear text storage of proxy parameters and passwords (hackerone)
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-031 (circl)
- https://hackerone.com/reports/685990 (canonical)
Timeline
- CVE Published
- Sep 16, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 19, 2025 EPSS Score
- Mar 21, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
- Mar 24, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Apr 13, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-8225 third-party-advisory
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-031 third-party-advisory
- https://hackerone.com/reports/685990 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-8225 third-party-advisory