CVE-2020-8179

4.1

4.1 / 10
MEDIUM

Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks.

Weakness: Improper Privilege Management

The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Published: 2020-07-02

Vulnerable Products

Deck

Community Advisory

This section is open source, for any additional information that enhances or clarifies the official advisory above.

Improve Advisory

CVE-2020-8179 Exploits

Exploits for CVE-2020-8179 are not publicly available.

Access our inventory of exclusive N-Day CVE Exploits, provided for legal security research and testing purposes. Inquire about our offerings by email: [email protected] (PGP key).

Bug Bounty

Nextcloud: Access Control: Inject tasks into other users decks

submitted by dedoc 9 months ago
publicly disclosed 26 days ago

read report

Official CVE References

View references (2)

hackerone.com/reports/867052
nextcloud.com/security/advisory/