Github wikis are editable by anyone https://github.com/nextcloud/bookmarks/wiki

Disclosed: 2021-01-15 16:23:08 By juno_hacker To nextcloud
Unknown
Vulnerability Details
Github wikis on the following projects https://github.com/nextcloud/bookmarks/wiki can be edited by any logged-in user in the system. This poses a security and reputation risk for the company.

## Impact

As the wikis listed above can be edited by any person on the internet, a malicious actor can accurately craft a message or a note which would lead a user to download a malicious component in a natural way.
Report Stats
  • Report ID: 906322
  • State: Closed
  • Substate: resolved
  • Upvotes: 7