SUSE CVE-2020-8139

A missing access control check in Nextcloud Server 18.0.1, 17.0.4, and 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL...

CVE-2020-8139

A missing access control check in Nextcloud Server 18.0.1, 17.0.4, and 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL...

CVE-2020-8139

A missing access control check in Nextcloud Server 18.0.1, 17.0.4, and 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL...

CVE-2020-8139

A missing access control check in Nextcloud Server 18.0.1, 17.0.4, and 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL...

CVE-2020-8139

CVE-2020-8139 affects Nextcloud Server versions older than 18.0.1, 17.0.4 and 16.0.9, where a missing access control check allows hide-download shares to be downloaded when the URL is appended with /download. Connected documents confirm this is a remote access control vulnerability with potential...

Nextcloud: "Secure View" aka "Hide Download" can be bypassed easily

The mid-2019 announced feature "Secure view" https://nextcloud.com/blog/secure-view-prevent-your-shared-files-from-getting-downloaded/ allows for hiding the Download button on public shares. Even though the announcement admits that there are always workarounds out there to get hands on the file...