2020-10-05 13:16:08
hackerone
PUBLISHED
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.