Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-22469

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There are currently no known workarounds. It is recommended that the Nextcloud app Deck is upgraded to 1.8.2.

Published

2023-01-10T21:15:12.830

Last Modified

2024-11-21T07:44:52.100

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.8 (MEDIUM)

Weaknesses

Type: Primary
CWE-922

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	deck	< 1.8.2	Yes

References

https://github.com/nextcloud/deck/pull/4196 Patch, Third Party Advisory ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8fjp-w9gp-j5hq Exploit, Patch, Third Party Advisory ([email protected])
https://github.com/nextcloud/deck/pull/4196 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8fjp-w9gp-j5hq Exploit, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)