Lucene search

NextcloudGHSA-93J5-WX4C-6G88

HistoryJan 09, 2023 - 5:45 a.m.

Missing character limitation allows to put generate a database error

2023-01-0905:45:57

github.com

nextcloud

database error

dos

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

26.9%

JSON

Description

Impact

A database error can be generated potentially causing a DoS when performed multiple times

Patches

It is recommended that the Nextcloud Deck app is upgraded to 1.6.5 or 1.7.3 or 1.8.2

Workarounds

No workaround available

References

For more information

If you have any questions or comments about this advisory:

Create a post in nextcloud/security-advisories
Customers: Open a support ticket at support.nextcloud.com

CPENameOperatorVersion
decklt1.6.5
decklt1.7.3
decklt1.8.2

Name	Operator	Version
deck	lt	1.6.5
deck	lt	1.7.3
deck	lt	1.8.2

References

github.com/nextcloud/deck/pull/4059

hackerone.com/reports/1596059

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

26.9%

JSON

Related for GHSA-93J5-WX4C-6G88