CVE-2020-8138

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-8138
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8138.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-8138
Published
2020-03-20T21:15:17Z
Modified
2024-06-06T13:25:44.260469Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/server
Events

Affected versions

16.*

16.0.4

v16.*

v16.0.0
v16.0.1
v16.0.1RC1
v16.0.2
v16.0.2RC1
v16.0.3
v16.0.4
v16.0.4RC1
v16.0.5
v16.0.5RC1
v16.0.6
v16.0.6rc1
v16.0.7RC1