Vulnerabilities > CVE-2020-8182 - Improper Preservation of Permissions vulnerability in Nextcloud Deck 0.8.0

CVSS 8.0 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

nextcloud

CWE-281

NVD

Published: 2020-10-05

Updated: 2024-11-21

Summary

Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves.

Vulnerable Configurations

Part	Description	Count
Application	Nextcloud Nextcloud Deck 0.8.0	1

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

https://hackerone.com/reports/827816
https://hackerone.com/reports/827816
https://nextcloud.com/security/advisory/?id=NC-SA-2020-025
https://nextcloud.com/security/advisory/?id=NC-SA-2020-025