2020-02-04 19:08:57
hackerone
PUBLISHED
A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login.