Lucene search

[email protected]NVD:CVE-2023-22470

HistoryJan 14, 2023 - 1:15 a.m.

CVE-2023-22470

2023-01-1401:15:13

CWE-20

CWE-400

[email protected]

web.nvd.nist.gov

nextcloud

deck

kanban

organization tool

database error

dos

upgrade

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

32.1%

JSON

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that the Nextcloud Server is upgraded to 1.6.5 or 1.7.3 or 1.8.2.

Affected configurations

Nvd

Node

nextclouddeckRange<1.6.5

nextclouddeckRange1.7.0–1.7.3

nextclouddeckRange1.8.0–1.8.2

VendorProductVersionCPE
nextclouddeck*cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nextcloud	deck	*	cpe:2.3:a:nextcloud:deck::::::::

References

github.com/nextcloud/deck/pull/4059

github.com/nextcloud/security-advisories/security/advisories/GHSA-93j5-wx4c-6g88

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

32.1%

JSON

Related for NVD:CVE-2023-22470

hackerone1 prion1 cve1 cvelist1 osv1 nextcloud1 cnvd1