Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1.
References
Link | Resource |
---|---|
https://github.com/nextcloud/deck/pull/5423 | Patch |
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x45g-vx69-r9m8 | Patch Third Party Advisory |
https://hackerone.com/reports/2289333 | Issue Tracking |
https://github.com/nextcloud/deck/pull/5423 | Patch |
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x45g-vx69-r9m8 | Patch Third Party Advisory |
https://hackerone.com/reports/2289333 | Issue Tracking |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 09:24
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/nextcloud/deck/pull/5423 - Patch | |
References | () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x45g-vx69-r9m8 - Patch, Third Party Advisory | |
References | () https://hackerone.com/reports/2289333 - Issue Tracking |
19 Aug 2024, 16:00
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/nextcloud/deck/pull/5423 - Patch | |
References | () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x45g-vx69-r9m8 - Patch, Third Party Advisory | |
References | () https://hackerone.com/reports/2289333 - Issue Tracking | |
CPE | cpe:2.3:a:nextcloud:deck:1.12.0:beta2:*:*:*:*:*:* cpe:2.3:a:nextcloud:deck:1.12.0:beta1:*:*:*:*:*:* cpe:2.3:a:nextcloud:deck:1.12.0:beta5:*:*:*:*:*:* cpe:2.3:a:nextcloud:deck:1.12.0:beta4:*:*:*:*:*:* cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:* cpe:2.3:a:nextcloud:deck:1.12.0:-:*:*:*:*:*:* cpe:2.3:a:nextcloud:deck:1.12.0:beta3:*:*:*:*:*:* |
|
First Time |
Nextcloud
Nextcloud deck |
|
CWE | NVD-CWE-noinfo |
17 Jun 2024, 12:42
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
14 Jun 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-14 16:15
Updated : 2024-11-21 09:24
NVD link : CVE-2024-37883
Mitre link : CVE-2024-37883
CVE.ORG link : CVE-2024-37883
JSON object : View
Products Affected
nextcloud
- deck
CWE