Insecure Direct Object Reference in Nextcloud Server by Nextcloud
CVE-2020-8154

7.7 HIGH

Key Information:

Vendor: Nextcloud
CVE Published: 12 May 2020

What is CVE-2020-8154?

An insecure direct object reference vulnerability in Nextcloud Server version 18.0.2 permits attackers to remotely wipe the devices of other users by sending malicious requests directly to the server endpoint. Nextcloud users should be vigilant, as this could lead to significant data loss and operational disruption.

Affected Version(s)

Nextcloud Server 18.0.3

CVSS V3.1

Score: 7.7
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
