Description
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2020-29107 | Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments. |
References
History
No history.
Status: PUBLISHED
Assigner: hackerone
Published:
Updated: 2024-08-04T09:56:27.666Z
Reserved: 2020-01-28T00:00:00.000Z
Link: CVE-2020-8235
No data.
Status : Modified
Published: 2020-10-05T14:15:13.813
Modified: 2026-06-17T03:26:06.350
Link: CVE-2020-8235
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-639
Authorization Bypass Through User-Controlled Key
EUVD