Bugzilla – Bug 1171579
VUL-0: CVE-2020-8154: nextcloud: remote wipe of devices of other users via a malicious request directly to the endpoint
Last modified: 2020-10-11 19:41:18 UTC
CVE-2020-8154 An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8154 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8154 https://hackerone.com/reports/819807 https://nextcloud.com/security/advisory/?id=NC-SA-2020-018
Factory already fixed. Leap 15.1 is probably affected. See also bsc#1171572
This is an autogenerated message for OBS integration: This bug (1171579) was mentioned in https://build.opensuse.org/request/show/805352 Backports:SLE-12 / nextcloud https://build.opensuse.org/request/show/805353 Backports:SLE-15-SP1 / nextcloud https://build.opensuse.org/request/show/805354 15.1 / nextcloud
openSUSE-SU-2020:0667-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1084320,1171572,1171579 CVE References: CVE-2020-8154,CVE-2020-8155 Sources used: SUSE Package Hub for SUSE Linux Enterprise 12 (src): nextcloud-18.0.4-22.1
openSUSE-SU-2020:0668-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1171572,1171579 CVE References: CVE-2020-8154,CVE-2020-8155 Sources used: openSUSE Backports SLE-15-SP1 (src): nextcloud-18.0.4-bp151.3.9.1
openSUSE-SU-2020:0670-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1171572,1171579 CVE References: CVE-2020-8154,CVE-2020-8155 Sources used: openSUSE Leap 15.1 (src): nextcloud-18.0.4-lp151.2.6.1
This is an autogenerated message for OBS integration: This bug (1171579) was mentioned in https://build.opensuse.org/request/show/839724 15.1+15.2+Backports:SLE-12+Backports:SLE-15-SP1+Backports:SLE-15-SP2 / nextcloud
openSUSE-SU-2020:1652-1: An update that fixes 5 vulnerabilities is now available. Category: security (moderate) Bug References: 1171572,1171579,1177346 CVE References: CVE-2020-8154,CVE-2020-8155,CVE-2020-8183,CVE-2020-8228,CVE-2020-8233 JIRA References: Sources used: openSUSE Leap 15.2 (src): nextcloud-20.0.0-lp152.3.3.1 openSUSE Leap 15.1 (src): nextcloud-20.0.0-lp151.2.9.1 openSUSE Backports SLE-15-SP2 (src): nextcloud-20.0.0-bp152.2.3.1 openSUSE Backports SLE-15-SP1 (src): nextcloud-20.0.0-bp151.3.12.1
openSUSE-SU-2020:1652-1: An update that fixes 5 vulnerabilities is now available. Category: security (moderate) Bug References: 1171572,1171579,1177346 CVE References: CVE-2020-8154,CVE-2020-8155,CVE-2020-8183,CVE-2020-8228,CVE-2020-8233 JIRA References: Sources used: openSUSE Leap 15.2 (src): nextcloud-20.0.0-lp152.3.3.1 openSUSE Leap 15.1 (src): nextcloud-20.0.0-lp151.2.9.1 openSUSE Backports SLE-15-SP2 (src): nextcloud-20.0.0-bp152.2.3.1 openSUSE Backports SLE-15-SP1 (src): nextcloud-20.0.0-bp151.3.12.1 SUSE Package Hub for SUSE Linux Enterprise 12 (src): nextcloud-20.0.0-25.1
Nextcloud is updated to 20.