Vulnerability Database
Blog
FAQ
Docs
CVE-2020-8156
See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-8156
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8156.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-8156
Published
2020-05-12T13:15:13Z
Modified
2024-09-03T03:34:14.298157Z
Severity
7.0 (High)
CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
CVSS Calculator
Summary
[none]
Details
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.
References
https://nextcloud.com/security/advisory/?id=NC-SA-2020-020
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC6HLX5SG4PZO6Y54D2LFJ4ATG76BKOP/
Affected packages
Git
/
github.com/nextcloud/mail
Affected ranges
Type
GIT
Repo
https://github.com/nextcloud/mail
Events
Introduced
0
Unknown introduced commit / All previous commits are affected
Fixed
7e3eb7526ad23d2f3c8bb1dbedb950563a94dedd
Affected versions
Other
nighly-20170831
nightly-20161202
nightly-20161208
nightly-20161218
nightly-20170117
nightly-20170612
nightly-20170823
nightly-20170831
nightly-20170906
nightly-20170913
nightly-20171127
nightly-20171212
nightly-20180410
nightly-20200115
untagged-bd8a3cab1eb0022ec683
v0.*
v0.1.0
v0.1.3
v0.10.0
v0.10.0-beta1
v0.10.0-rc1
v0.11.0
v0.11.0-beta1
v0.12.0
v0.12.0-RC1
v0.12.0-RC2
v0.12.0-RC3
v0.12.0-alpha-4
v0.12.0-alpha-5
v0.12.0-alpha1
v0.12.0-alpha2
v0.12.0-alpha3
v0.12.0-beta1
v0.12.0-beta2
v0.12.0-beta3
v0.12.0-beta4
v0.12.0-beta5
v0.13.0
v0.14.0
v0.15.0
v0.15.1
v0.15.2
v0.15.3
v0.15.4
v0.15.5
v0.16.0
v0.17.0
v0.18.0
v0.18.0-RC1
v0.18.1
v0.19.0
v0.19.1
v0.2.0
v0.20.0
v0.20.1
v0.20.2
v0.20.3
v0.21.0
v0.21.1
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v0.5.1
v0.5.2
v0.6.2
v0.7.0
v0.7.1
v0.7.10
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.7.8
v0.7.9
v0.8.0
v0.8.0-alpha1
v0.8.0-beta1
v0.8.1
v0.8.2
v0.8.2-alpha2
v0.8.2-alpha3
v0.8.3
v0.8.3-alpha1
v0.9.0
v0.9.0-beta1
v0.9.0-beta2
v0.9.0-beta3
v0.9.0-rc1
v1.*
v1.0.0
v1.1.0
v1.1.1
v1.1.2
v1.1.3
CVE-2020-8156 - OSV