Vulnerability: Insecure Hide-Download Shares in Nextcloud Server

Vulnerability: Insecure Hide-Download Shares in Nextcloud Server

CVE-2020-8139 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL.

Learn more about our Cis Benchmark Audit For Server Software.