CVE-2020-8235
4.3MEDIUMMissing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.
Publicado: 10/5/2020Actualizado: 11/21/2024
Descripción
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.
Análisis IAImpulsado por IA
Productos Afectados
nextclouddeck
1.0.4
Referencias
- https://hackerone.com/reports/916704ExploitThird Party Advisory
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-036Vendor Advisory
- https://hackerone.com/reports/916704ExploitThird Party Advisory
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-036Vendor Advisory