CVE-2020-8154

Summary

An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint.

Affected Software

VendorProductVersion RangeStatus
n/aNextcloud Server18.0.3affected

Weaknesses

  • CWE-639: Insecure Direct Object Reference (IDOR) (CWE-639)

ADP Enrichment

CVE Program Container

Additional References

References