CVE-2020-8235

Summary

Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.

Affected Software

VendorProductVersion RangeStatus
n/aNextcloud Deck appFixed in 1.0.5affected

Weaknesses

  • CWE-639: Insecure Direct Object Reference (IDOR) (CWE-639)

ADP Enrichment

CVE Program Container

Additional References

References