External Storage - WebDAV - New user has access to storage from deleted user (same user-ID)
Unknown
Vulnerability Details
* Delete existing user account "user3"
* Create new user account "user3"
Also reported on https://github.com/nextcloud/server/issues/15258
## Impact
Newly created user with same user-id of a deleted user has access to the configured external webdav storage from the deleted user.
Actions
View on HackerOneReport Stats
- Report ID: 549831
- State: Closed
- Substate: resolved
- Upvotes: 2