Overview

File _patchinfo of Package patchinfo.12562

<patchinfo incident="12562">
  <issue tracker="cve" id="2020-8155"/>
  <issue tracker="cve" id="2020-8154"/>
  <issue tracker="bnc" id="1171572">VUL-1: CVE-2020-8155: Cross-site scripting vulnerability when opening a malicious PDF</issue>
  <issue tracker="bnc" id="1171579">VUL-0: CVE-2020-8154: nextcloud: remote wipe of devices of other users via a malicious request directly to the endpoint</issue>
  <packager>ecsos</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for nextcloud</summary>
  <description>This update for nextcloud to 18.0.4 fixes the following issues:

Security issues fixed:

- CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs (NC-SA-2020-018 boo#1171579).
- CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe devices of other users (NC-SA-2020-019 boo#1171572).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places