Nextcloud Server 18.0.2 Authorization Bypass Through User-Controlled Key Vulnerability

Summary

An insecure direct object reference (IDOR) vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remotely wipe other users' devices by sending a malicious request directly to the endpoint.

Credit:

The information has been provided by Tommy Suriel.

The original article can be found at: https://nextcloud.com/security/advisory/?id=NC-SA-2020-018


Details

An insecure direct object reference (IDOR) vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remotely wipe other users' devices by sending a malicious request directly to the endpoint.
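
The missing authorization check behind this class of bug, shown as an added example that is not Nextcloud's code and is not taken from the advisory. It is a constructed model of a remote-wipe endpoint: `WipeService`, `DeviceToken`, `make_service` and all user and token ids are hypothetical. The insecure handler trusts the client-supplied id, while the hardened one requires the token to belong to the authenticated user and records denials for detection.

```python
# Constructed model of a remote-wipe endpoint. All names are hypothetical;
# this is not Nextcloud's code.
from dataclasses import dataclass


@dataclass
class DeviceToken:
    token_id: int
    owner: str                 # user the device token belongs to
    wipe_pending: bool = False


class NotFound(Exception):
    """Same error for unknown ids and ids owned by another user."""


class WipeService:
    def __init__(self, tokens):
        self.tokens = {t.token_id: t for t in tokens}
        self.audit = []        # (actor, token_id, outcome), for detection

    def mark_wipe_insecure(self, session_user, token_id):
        # IDOR: the client-supplied id is the only lookup key; the
        # authenticated user is never compared with the token owner.
        token = self.tokens.get(token_id)
        if token is None:
            raise NotFound(token_id)
        token.wipe_pending = True
        return token

    def mark_wipe(self, session_user, token_id):
        # Hardened: the token must exist AND belong to the session user.
        token = self.tokens.get(token_id)
        if token is None or token.owner != session_user:
            self.audit.append((session_user, token_id, "denied"))
            raise NotFound(token_id)
        token.wipe_pending = True
        self.audit.append((session_user, token_id, "wipe-marked"))
        return token


def make_service():
    # Constructed sample data: two users, one device token each.
    return WipeService([DeviceToken(1, "alice"), DeviceToken(2, "bob")])


if __name__ == "__main__":
    svc = make_service()
    svc.mark_wipe("alice", 1)              # owner: allowed
    try:
        svc.mark_wipe("bob", 1)            # another user's id: rejected
    except NotFound:
        pass
    print(svc.audit)
```

Returning the same error for an unknown id and for an id owned by someone else keeps the endpoint from confirming which ids exist.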

Vulnerable Systems:

Nextcloud Server 18.0.2

CVE Information:

CVE-2020-8154

Disclosure Timeline:
Published Date: 5/12/2020
