CVE-2020-8118: SSRF
First published: Tue Feb 04 2020(Updated: )
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud Nextcloud Server | <15.0.9 | |
| Nextcloud Nextcloud Server | >=16.0.0<16.0.2 | |
| openSUSE Backports SLE | =15.0-sp1 | |
| Novell Suse Linux Enterprise Server | =12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-8118?
CVE-2020-8118 is an authenticated server-side request forgery vulnerability in Nextcloud server 16.0.1.
How does CVE-2020-8118 affect Nextcloud server?
CVE-2020-8118 allows an attacker to detect local and remote services when adding a new subscription in the calendar application.
What is the severity of CVE-2020-8118?
CVE-2020-8118 has a severity rating of medium (5).
Which software versions are affected by CVE-2020-8118?
Nextcloud Server versions up to 15.0.9 and between 16.0.0 to 16.0.2 are affected by CVE-2020-8118. openSUSE Backports SLE 15.0-sp1 and Novell Suse Linux Enterprise Server 12.0 are also affected.
How can I fix CVE-2020-8118?
Apply the latest security patches or update to a version of Nextcloud Server that is not affected by CVE-2020-8118.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- vendor/nextcloud
- canonical/nextcloud nextcloud server
- version/nextcloud nextcloud server/16.0.0
- vendor/opensuse
- canonical/opensuse backports sle
- version/opensuse backports sle/15.0-sp1
- vendor/novell
- canonical/novell suse linux enterprise server
- version/novell suse linux enterprise server/12.0