CVE-2020-8235

MEDIUM

Nextcloud Deck <1.0.4 - Info Disclosure

Title source: llm

Description

Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.

References (2)

Scores

CVSS v3 4.3
EPSS 0.0014
EPSS Percentile 33.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE
CWE-639
Status published

Affected Products (1)

nextcloud/deck

Timeline

Published Oct 05, 2020
Tracked Since Feb 18, 2026