GoogleOSV:CVE-2020-8297

HistoryFeb 23, 2021 - 7:15 p.m.

CVE-2020-8297

2021-02-2319:15:13

Google

osv.dev

nextcloud

deck

idor

vulnerability

access

user data

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

32.0%

JSON

Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user.

References

github.com/nextcloud/deck/pull/1976

hackerone.com/reports/882258

nextcloud.com/security/advisory/?id=NC-SA-2021-007