CVE-2020-8235
4.3MEDIUMMissing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.
Published: 10/5/2020Updated: 11/21/2024
Description
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.
AI AnalysisPowered by AI
Affected Products
nextclouddeck
1.0.4
References
- https://hackerone.com/reports/916704ExploitThird Party Advisory
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-036Vendor Advisory
- https://hackerone.com/reports/916704ExploitThird Party Advisory
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-036Vendor Advisory