{"id":"CVE-2020-8153","details":"Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name.","modified":"2026-04-11T12:35:07.408184Z","published":"2020-05-12T13:15:12.987Z","database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpe":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"32"}]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC6HLX5SG4PZO6Y54D2LFJ4ATG76BKOP/"},{"type":"ADVISORY","url":"https://nextcloud.com/security/advisory/?id=NC-SA-2020-017"},{"type":"EVIDENCE","url":"https://hackerone.com/reports/642515"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nextcloud/groupfolders","events":[{"introduced":"0"},{"fixed":"24a1d023ae42140db84bdd8dedf62e1ebc632782"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:nextcloud:group_folders:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"4.0.4"}]}}],"versions":["v1.0.0","v1.0.1","v1.0.2","v1.1.0","v1.2.0","v1.2.1","v1.2.2","v1.3.0","v1.3.2","v1.3.3","v2.0.0","v2.0.0-beta","v2.0.1","v2.0.2","v3.0.0","v3.0.1","v4.0.0","v4.0.1","v4.0.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8153.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"}]}