Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an malicious user to replace the public key to decrypt them later on.
CVE-2020-8152 – Elevation of Privilege in Backblaze
---------------------------------------------------
Summary
=======
Name: Elevation of Privilege in Backblaze
CVE: CVE-2020-8152
Discoverer: Jason Geffner
Vendor: Backblaze
Product: Backblaze for Windows and Backblaze for macOS
Risk: High
Discovery Date: 2020-03-13
Publication Data: 2020-09-08
...
Thanks, Reed I've updated the GitHub repository name to reflect this
change The detailed write-up can now be found at
githubcom/geffner/CVE-2020-8290/blob/master/READMEmd
On Tue, Dec 22, 2020 at 3:52 AM Reed Loden <reed () reedloden com> wrote:
_______________________________________________
Sent through the Full Disclosure m ...
Due to a process fail, this CVE ID was accidentally reused for another
vulnerability
The updated CVE ID for this issue is CVE-2020-8290
We apologize to Jason and others for the inconvenience caused by this error
Happy holidays,
~reed
(for HackerOne)
On Fri, Sep 11, 2020 at 10:16 AM Jason Geffner <geffner () gmail com> wrote:
_______ ...
CVE-2020-8290 – Elevation of Privilege in Backblaze
CVE-2020-8290 – Elevation of Privilege in Backblaze
Summary
Name: Elevation of Privilege in Backblaze
CVE: CVE-2020-8290
Discoverer: Jason Geffner
Vendor: Backblaze
Product: Backblaze for Windows and Backblaze for macOS
Risk: High
Discovery Date: 2020-03-13
Publication Data: 2020-09-09
Fixed Version: 700439
Introduction
Per Wikipedia, Backblaze is
"an online back
CVE-2020-8290 – Elevation of Privilege in Backblaze
CVE-2020-8290 – Elevation of Privilege in Backblaze
Summary
Name: Elevation of Privilege in Backblaze
CVE: CVE-2020-8290
Discoverer: Jason Geffner
Vendor: Backblaze
Product: Backblaze for Windows and Backblaze for macOS
Risk: High
Discovery Date: 2020-03-13
Publication Data: 2020-09-09
Fixed Version: 700439
Introduction
Per Wikipedia, Backblaze is
"an online back
Vulmon