Admin audit is not properly logging unsetting of expiration date

Disclosed: 2021-07-15 19:13:34 By rtod To nextcloud
Low
Vulnerability Details
In relation to https://hackerone.com/reports/1177353 1. Enable the audit log 2. Share a file 3. Set and expiration date So far all looks good in the log 4. Unset the the expiration date. 5. See a pretty useless log line ## Impact The audit log is used to get a full trail of the actions which is now incompletely. With possible important information. It seems to be also listed on https://portal.nextcloud.com/article/using-the-audit-log-44.html
Actions
View on HackerOne
Report Stats
  • Report ID: 1200810
  • State: Closed
  • Substate: resolved
  • Upvotes: 10
Share this report