Vulnerability DatabaseCVE-2020-8118

CVE-2020-8118:
Linux openSUSE vulnerability analysis and mitigation

Overview

CVE-2020-8118 is a server-side request forgery (SSRF) vulnerability discovered in Nextcloud server 16.0.1. The vulnerability allowed authenticated users to detect local and remote services when adding a new subscription in the calendar application (OpenSUSE Security, Debian Security).

Technical details

The vulnerability is identified as an authenticated server-side request forgery (SSRF) that specifically affects the calendar application's subscription functionality in Nextcloud server version 16.0.1. The issue was tracked as NC-SA-2019-014 in Nextcloud's security advisory system (OpenSUSE Security).

Impact

When exploited, the vulnerability allows authenticated users to detect both local and remote services through the calendar application's subscription feature. This could potentially lead to unauthorized service discovery within the network infrastructure (Debian Security).

Mitigation and workarounds

The vulnerability was addressed in Nextcloud version 15.0.14. Users are advised to upgrade to this version or later to receive the security fix. The update was distributed through various channels including SUSE Package Hub and openSUSE Backports (OpenSUSE Security).

Additional resources

Source: This report was generated using AI

Related Linux openSUSE vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-62291	HIGH	8.1	strongSwan	strongswan-doc	No	Yes	Jan 16, 2026
CVE-2026-0891	HIGH	8.1	Mozilla Firefox	MozillaFirefox-devel	No	Yes	Jan 13, 2026
CVE-2025-24528	HIGH	7.1	Kerberos	libkadm5	No	Yes	Jan 16, 2026
CVE-2026-0890	MEDIUM	5.4	Mozilla Firefox	MozillaFirefox-devel	No	Yes	Jan 13, 2026
CVE-2025-43904	MEDIUM	4.2	Linux Debian	slurm_20_11-pam_slurm	No	Yes	Jan 16, 2026