Количество 3
Количество 3
CVE-2025-64011
Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter. This allows unauthorized disclosure of sensitive data, such as text files or images, without prior sharing permissions.
CVE-2025-64011
Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Ref ...
GHSA-h6j9-6xjq-44c4
Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter. This allows unauthorized disclosure of sensitive data, such as text files or images, without prior sharing permissions.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-64011 Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter. This allows unauthorized disclosure of sensitive data, such as text files or images, without prior sharing permissions. | CVSS3: 4.3 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-64011 Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Ref ... | CVSS3: 4.3 | 0% Низкий | около 2 месяцев назад |
| GHSA-h6j9-6xjq-44c4 Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter. This allows unauthorized disclosure of sensitive data, such as text files or images, without prior sharing permissions. | CVSS3: 4.3 | 0% Низкий | около 2 месяцев назад |
Уязвимостей на страницу