What the vulnerability does

01Description

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.

Key dates

02Disclosure timeline

February 4, 2020 CVE published
August 4, 2024 Record updated