CVE-2020-8235
4.3MEDIUMMissing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.
Опубликовано: 10/5/2020Обновлено: 11/21/2024
Описание
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.
ИИ-АнализНа базе ИИ
Затронутые продукты
nextclouddeck
1.0.4
Ссылки
- https://hackerone.com/reports/916704ExploitThird Party Advisory
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-036Vendor Advisory
- https://hackerone.com/reports/916704ExploitThird Party Advisory
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-036Vendor Advisory