CVE 2020-8118
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
See the 
CVE page on Mitre.org
for more details.
