CVE-2022-24906
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available.
Published
2022-05-20T16:15:09.193
Last Modified
2024-11-21T06:51:22.023
Status
Modified
Source
[email protected]
Severity
CVSSv3.1: 3.5 (LOW)
CVSSv2 Vector
AV:N/AC:L/Au:S/C:P/I:N/A:N
- Access Vector: NETWORK
- Access Complexity: LOW
- Authentication: SINGLE
- Confidentiality Impact: PARTIAL
- Integrity Impact: NONE
- Availability Impact: NONE
Exploitability Score
8.0
Impact Score
2.9
Weaknesses
- CWE-200 (Type: Secondary)
- CWE-209 (Type: Primary)
Affected Vendors & Products
References
- https://github.com/nextcloud/deck/pull/3384
  Issue Tracking, Patch, Third Party Advisory ([email protected])
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hx9w-xfrg-2qvp
  Exploit, Issue Tracking, Third Party Advisory ([email protected])
- https://hackerone.com/reports/1354334
  Exploit, Issue Tracking, Third Party Advisory ([email protected])
- https://github.com/nextcloud/deck/pull/3384
  Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hx9w-xfrg-2qvp
  Exploit, Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
- https://hackerone.com/reports/1354334
  Exploit, Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)