First published: Fri Sep 18 2020(Updated: )
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Nextcloud Desktop Client | <2.6.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-8225.
The severity of CVE-2020-8225 is high.
The affected software is Nextcloud Desktop Client version up to exclusive 2.6.5.
CVE-2020-8225 exposes sensitive information through cleartext storage of proxies and their authentication credentials.
You can find more information about CVE-2020-8225 in the HackerOne report (link: https://hackerone.com/reports/685990) and the Nextcloud security advisory (link: https://nextcloud.com/security/advisory/?id=NC-SA-2020-031).