Nextcloud: Possibility to delete files attached to deck cards of other users

Hi everyone, Hope you are well ! I come to report here an IDOR vulnerability on the Deck application of Nextcloud, allowing to delete any attached files on any cards. Nextcloud deck app version : latest stable 1.8.0 Steps To Reproduce: The Nextcloud Deck application now offers the ability to add ...

Instacart: Fetch private list metadata and any user's personal name

Overview == When a user creates a list, they can choose whether to make the list visible in search and whether to show their name with the list. The problem is that the attacker can still access the information that the user chose to hide. Furthermore, if the attacker gets hold of a user's ID, th...

Direct Object Reference - User Information Disclosure

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46864. panel A direct object reference vulnerability exists on the answers.atlassian.com platform which allows for malicious...

Direct Object Reference - User Information Disclosure

A direct object reference vulnerability exists on the answers.atlassian.com platform which allows for malicious users to obtain the email address of any given ID. Additionally since the ID's are incremental, it would be possible for an attacker to gain the email addresses of every single Atlassia...