Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available.
References
Link | Resource |
---|---|
https://github.com/nextcloud/deck/pull/3384 | Issue Tracking Patch Third Party Advisory |
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hx9w-xfrg-2qvp | Exploit Issue Tracking Third Party Advisory |
https://hackerone.com/reports/1354334 | Exploit Issue Tracking Third Party Advisory |
https://github.com/nextcloud/deck/pull/3384 | Issue Tracking Patch Third Party Advisory |
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hx9w-xfrg-2qvp | Exploit Issue Tracking Third Party Advisory |
https://hackerone.com/reports/1354334 | Exploit Issue Tracking Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:51
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 3.5 |
References | () https://github.com/nextcloud/deck/pull/3384 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hx9w-xfrg-2qvp - Exploit, Issue Tracking, Third Party Advisory | |
References | () https://hackerone.com/reports/1354334 - Exploit, Issue Tracking, Third Party Advisory |
06 Jul 2023, 13:36
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-209 |
02 Jun 2022, 14:19
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 4.3 |
CPE | cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:* | |
References | (CONFIRM) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hx9w-xfrg-2qvp - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://hackerone.com/reports/1354334 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://github.com/nextcloud/deck/pull/3384 - Issue Tracking, Patch, Third Party Advisory |
20 May 2022, 16:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-20 16:15
Updated : 2024-11-21 06:51
NVD link : CVE-2022-24906
Mitre link : CVE-2022-24906
CVE.ORG link : CVE-2022-24906
JSON object : View
Products Affected
nextcloud
- deck