Nextcloud: Bypass password confirmation via Context-dependent access control (CDCA)

A vulnerability was found in Nextcloud server that allowed bypassing password confirmation for deleting workflows. By directly sending a DELETE request to the workflow delete endpoint, an attacker could delete workflows without providing the expected password confirmation. This broken...