Nextcloud Bug Bounty Report (CVE-2020-8155)

After listening to an episode of Darknet Diaries about bug bounty programs, I was inspired to make some money finding vulnerabilities in websites. Through HackerOne, I discovered Nextcloud's bug bounty program.

How I found the vulnerability

While looking at the list of in-scope targets, I saw that one was a PDF viewer, and some PDF viewers are vulnerable to XSS attacks. After seeing that they used pdf.js, I searched for vulnerabilities that affected the version they used. I found out that the version they used was vulnerable to CVE-2018-5158.

The Report Process

Although the report was only around 150 words, I spent a few hours confirming the exploit and writing it. I link to the report at the bottom of this post.

What Happened

Nextcloud quickly responded, fixed the issue, and submitted a CVE. They gave me $100, and the vulnerability was given the CVE ID, CVE-2020-8155. Overall, I am pleased with how they communicated and handled the process.