CVE-2020-8227
PUBLISHED
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.
Risk Scores
EPSS Score: 0.90% (76.1th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | nextcloud-desktop | 0, 2.5.3-1, 2.6.0-1 |
Exploit Intelligence
- Linux client is vulnerable to directory traversal when downloading files (hackerone)
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-032 (circl)
- GLSA-202009-09 (circl)
- https://hackerone.com/reports/590319 (canonical)
Timeline
- CVE Published
- Aug 17, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Feb 22, 2023 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 25, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Apr 8, 2025 EPSS Score
- Apr 9, 2025 EPSS Score
- Apr 11, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-8227 third-party-advisory
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-032 third-party-advisory
- https://hackerone.com/reports/590319 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-8227 third-party-advisory