2 matches found
CVE-2020-8235
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments...
CVE-2020-8235
CVE-2020-8235 affects Nextcloud Deck 1.0.4, where missing access control enables an insecure direct object reference to view all attachments. Root cause: inadequate access checks when accessing attachments from the Deck task view, leading to exposure of user-owned files. Public references in the ...