2020-02-04 19:08:57
hackerone
PUBLISHED
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.