What the vulnerability does

01Description

A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves.

Key dates

02Disclosure timeline

October 5, 2020 CVE published
August 4, 2024 Record updated