CVE-2020-8297

Опубликовано: 23 фев. 2021

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user.

Ссылки

https://github.com/nextcloud/deck/pull/1976
Patch
Third Party Advisory
https://hackerone.com/reports/882258
Exploit
Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2021-007
Broken Link
https://github.com/nextcloud/deck/pull/1976
Patch
Third Party Advisory
https://hackerone.com/reports/882258
Exploit
Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2021-007
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*

Версия до 1.0.2 (исключая)

EPSS

Процентиль: 46%

0.00233

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-639

Связанные уязвимости

GHSA-hx5m-93g9-j2jh