A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars.
References
Link | Resource |
---|---|
https://hackerone.com/reports/808287%2C | |
https://nextcloud.com/security/advisory/?id=NC-SA-2020-024 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2020-07-10T15:48:41
Updated: 2020-07-10T15:48:41
Reserved: 2020-01-28T00:00:00
Link: CVE-2020-8181
JSON object: View
NVD Information
Status : Modified
Published: 2020-07-10T16:15:11.703
Modified: 2023-11-07T03:26:17.960
Link: CVE-2020-8181
JSON object: View
Redhat Information
No data.