What the vulnerability does

01Description

Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.

Key dates

02Disclosure timeline

October 5, 2020 CVE published
August 4, 2024 Record updated