CVE-2020-8223
- Source
- https://cve.org/CVERecord?id=CVE-2020-8223
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8223.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-8223
- Published
- 2020-10-05T14:15:13.623Z
- Modified
- 2026-03-10T23:24:44.425072Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC6HLX5SG4PZO6Y54D2LFJ4ATG76BKOP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7FX3O6SJE2S52I2HAA4DSTUIISP5BNA/
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-029
- https://hackerone.com/reports/889243
Affected packages
Git / github.com/nextcloud/server
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nextcloud/server
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "19.0.0-NA" }, { "introduced": "0" }, { "last_affected": "33" } ] }
Affected versions
Other
list
v1.*
v1.0.0beta1
v1.0RC1
v1.1
v11.*
v11.0.0
v11.0RC2
v12.*
v12.0.0beta1
v12.0.0beta2
v12.0.0beta3
v12.0.0beta4
v13.*
v13.0.0RC1
v13.0.0beta1
v13.0.0beta2
v13.0.0beta3
v13.0.0beta4
v14.*
v14.0.0RC1
v14.0.0RC2
v14.0.0beta1
v14.0.0beta2
v14.0.0beta3
v14.0.0beta4
v15.*
v15.0.0RC1
v15.0.0beta1
v15.0.0beta2
v16.*
v16.0.0RC1
v16.0.0alpha1
v16.0.0beta1
v16.0.0beta2
v16.0.0beta3
v17.*
v17.0.0beta1
v17.0.0beta2
v17.0.0beta3
v17.0.0beta4
v18.*
v18.0.0RC1
v18.0.0beta1
v18.0.0beta2
v18.0.0beta3
v18.0.0beta4
v19.*
v19.0.0
v19.0.0RC1
v19.0.0RC2
v19.0.0RC3
v19.0.0beta1
v19.0.0beta2
v19.0.0beta3
v19.0.0beta4
v19.0.0beta5
v19.0.0beta6
v19.0.0beta7
v2.*
v2.0beta3
v20.*
v20.0.0RC1
v20.0.0beta1
v20.0.0beta2
v20.0.0beta3
v20.0.0beta4
v21.*
v21.0.0beta1
v21.0.0beta2
v21.0.0beta3
v21.0.0beta4
v21.0.0beta5
v21.0.0beta6
v21.0.0beta7
v21.0.0beta8
v22.*
v22.0.0beta1
v22.0.0beta2
v22.0.0beta3
v22.0.0beta4
v22.0.0beta5
v22.0.0rc1
v23.*
v23.0.0beta1
v23.0.0beta2
v23.0.0beta3
v24.*
v24.0.0beta1
v24.0.0beta2
v24.0.0beta3
v24.0.0rc1
v25.*
v25.0.0beta1
v25.0.0beta2
v25.0.0beta3
v25.0.0beta4
v25.0.0beta5
v25.0.0beta6
v25.0.0beta7
v26.*
v26.0.0beta1
v26.0.0beta2
v26.0.0beta3
v26.0.0beta4
v26.0.0beta5
v26.0.0rc1
v27.*
v27.0.0beta1
v27.0.0beta2
v28.*
v28.0.0beta1
v28.0.0beta2
v28.0.0beta3
v28.0.0beta4
v29.*
v29.0.0beta1
v29.0.0beta2
v29.0.0beta3
v29.0.0beta4
v29.0.0beta5
v29.0.0beta6
v3.*
v3.0
v3.0RC1
v3.0alpha1
v30.*
v30.0.0beta1
v30.0.0beta2
v30.0.0beta3
v30.0.0beta4
v30.0.0beta5
v31.*
v31.0.0beta1
v31.0.0beta2
v31.0.0beta3
v31.0.0beta4
v31.0.0beta5
v32.*
v32.0.0beta1
v32.0.0beta2
v32.0.0beta3
v32.0.0beta4
v32.0.0beta5
v33.*
v33.0.0
v33.0.0beta1
v33.0.0beta2
v33.0.0beta3
v33.0.0beta4
v33.0.0beta5
v33.0.0rc1
v33.0.0rc2
v33.0.0rc3
v33.0.0rc4
v4.*
v4.0.0
v4.0.0RC
v4.0.0RC2
v4.0.0beta
v4.0.1
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.5.0
v4.5.0RC1
v4.5.0RC2
v4.5.0RC3
v4.5.0beta1
v4.5.0beta2
v4.5.0beta3
v4.5.0beta4
v5.*
v5.0.0
v5.0.0RC1
v5.0.0RC2
v5.0.0RC3
v5.0.0alpha1
v5.0.0beta1
v5.0.0beta2
v6.*
v6.0.0RC1
v6.0.0RC2
v6.0.0alpha2
v6.0.0beta2
v6.0.0beta3
v6.0.0beta4
v6.0.0beta5
v7.*
v7.0.0alpha2
v7.0.0beta1
v8.*
v8.0.0
v8.0.0RC1
v8.0.0RC2
v8.0.0alpha1
v8.0.0alpha2
v8.0.0beta1
v8.0.0beta2
v8.1.0alpha1
v8.1.0alpha2
v8.1.0beta1
v8.1.0beta2
v8.1RC2
v8.2RC1
v8.2beta1
v9.*
v9.0.0beta2
v9.0.1beta2
v9.0beta1
v9.1.0beta1
v9.1.0beta2