{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T09:07:29.967","vulnerabilities":[{"cve":{"id":"CVE-2020-8227","sourceIdentifier":"support@hackerone.com","published":"2020-08-21T21:15:11.967","lastModified":"2026-06-17T03:26:05.493","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory."},{"lang":"es","value":"Una falta de saneamiento de una respuesta del servidor en Nextcloud Desktop Client versión 2.6.4 para Linux permitió que un Servidor de Nextcloud malicioso almacenara archivos fuera del directorio de sincronización dedicado."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"n/a","product":"Desktop Client","versions":[{"version":"2.6.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:S/C:C/I:C/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:desktop:*:*:*:*:*:*:*:*","versionEndExcluding":"2.6.5","matchCriteriaId":"032BCD9E-159A-4BB1-BCE6-0E405BA6F6C4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://hackerone.com/reports/590319","source":"support@hackerone.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://nextcloud.com/security/advisory/?id=NC-SA-2020-032","source":"support@hackerone.com","tags":["Broken Link","Exploit","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/202009-09","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://hackerone.com/reports/590319","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://nextcloud.com/security/advisory/?id=NC-SA-2020-032","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Exploit","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/202009-09","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}