Linux client is vulnerable to directory traversal when downloading files (NC-SA-2020-032)
10th July 2020
Risk level: Low
CVSS v3 Base Score: 5.1 (AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L)
HackerOne report: 590319
Nextcloud Desktop Client 2.6.4 for Linux did not sanitize file paths returned in server responses, so a malicious Nextcloud server could make the client write downloaded files outside of the dedicated sync directory (directory traversal).
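The class of check the fix needs, as an added example that is not Nextcloud Desktop code: a server-supplied relative path is joined to the sync root, normalised, and rejected unless the result is still strictly inside the root. The sync root, the sample server paths and the function name are constructed for this example; std::filesystem stands in for the Qt path handling the real client uses.

```cpp
// Added example, not Nextcloud Desktop code. Shows a lexical containment
// check for a file path taken from a server response before it is used as a
// local download destination. Names, sync root and sample paths are constructed.
#include <filesystem>
#include <iostream>
#include <optional>
#include <string>
#include <vector>

namespace fs = std::filesystem;

// Returns the local destination for a server-supplied path, or std::nullopt
// when that path would land outside syncRoot.
// The check is purely lexical: it rejects absolute paths and any ".."
// segments that escape the root. It does not follow symlinks that may
// already exist under syncRoot; a client that allows symlinks in the sync
// folder must additionally resolve the candidate (e.g. weakly_canonical)
// and repeat the containment check on the resolved path.
std::optional<std::string> localPathForServerEntry(const std::string& syncRoot,
                                                   const std::string& serverPath) {
    const fs::path root = fs::path(syncRoot).lexically_normal();
    const fs::path entry(serverPath);

    // A server may only ever hand back paths relative to the sync folder.
    // Note that root / "/etc/passwd" would silently become "/etc/passwd".
    if (entry.empty() || entry.is_absolute()) {
        return std::nullopt;
    }

    // Joining and then normalising collapses "a/../../b" into its real target,
    // so the containment test below sees where the write would actually go.
    const fs::path candidate = (root / entry).lexically_normal();

    // Relative to root, a safe path has a real first component; an escaping
    // path starts with "..", and the root itself comes back as ".".
    const fs::path rel = candidate.lexically_relative(root);
    if (rel.empty() || rel.string() == "." || rel.begin()->string() == "..") {
        return std::nullopt;
    }
    return candidate.string();
}

int main() {
    // Constructed sample entries of the kind a server response could carry.
    const std::string syncRoot = "/home/alice/Nextcloud";
    const std::vector<std::string> entries = {
        "Documents/report.pdf",        // ordinary file inside the sync folder
        "Documents/../notes.txt",      // ".." that still stays inside the root
        "../.ssh/authorized_keys",     // classic traversal out of the root
        "Documents/../../.bashrc",     // traversal hidden behind a valid prefix
        "/etc/passwd",                 // absolute path
    };
    for (const auto& e : entries) {
        const auto dest = localPathForServerEntry(syncRoot, e);
        std::cout << e << " -> " << (dest ? *dest : std::string("REJECTED")) << '\n';
    }
    return 0;
}
```

The normalise-then-compare order matters: checking the raw string for ".." before joining would pass "Documents/../../.bashrc" only if the check were applied per component, and would needlessly reject "Documents/../notes.txt", which stays inside the root.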
- Nextcloud Desktop < 2.6.5 (CVE-2020-8227)
The issue has been fixed.
It is recommended that the Nextcloud Desktop Client is upgraded to 2.6.5.
The Nextcloud team thanks the following people for their research and responsible disclosure of the vulnerability described in this advisory:
- Carl Pearson - Vulnerability discovery and disclosure.
This advisory is licensed CC BY-SA 4.0.