Insecure Direct Object Reference in Nextcloud Server by Nextcloud
CVE-2020-8154
7.7HIGH
What is CVE-2020-8154?
An insecure direct object reference vulnerability in Nextcloud Server version 18.0.2 permits attackers to remotely wipe devices of other users. This occurs when malicious requests are sent directly to the server endpoint, exploiting the flaw to execute unauthorized actions. Users of Nextcloud must be vigilant, as this could lead to significant data loss and operational disruptions.
Affected Version(s)
Nextcloud Server 18.0.3