5 matches found
Nextcloud: Twitter Account hijack @nextcloudfrance
The Twitter account of Nextcloud France was vulnerable to Broken Link Hijacking BLH attack, which occurs when attackers exploit expired external links on credible websites or web applications. The attackers took over the expired link and claimed the username for testing purposes, redirecting user...
Improper Access Control in cortezaproject/corteza-server
Hi, Old unused Password reset tokens are not getting expired after using the new one. Suppose I am an attacker and I got access to the recovery email option of victim account. I logged in to victim recovery email suppose that is [email protected]. Then I used the forget password option. I will get o...
Information disclosure
Hitachi Content Platform Anywhere HCP-AW 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and...
PT-2020-11899 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 10.1 through 12.8.1 Description: A scenario was discovered in which a GitLab account could be taken over through an expired link, indicating an issue with access control. Recommendations: For GitLab versions 10.1 through 12.8....
Nextcloud: Expired reshare links allow access to all files in share
After a reshared subfolder link has expired, the link allows access to the full folder. I found the Problem in Nextcloud 14.0.3, but it still persists in 14.0.4 Steps: 1. share folder "A" with an nextcloud group 2. reshare a subfolder "B" of this folder with another user on this group in this cas...