What the vulnerability does

01Description

An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint.

Key dates

02Disclosure timeline

May 12, 2020 CVE published
August 4, 2024 Record updated