Lucene search

[email protected]NVD:CVE-2023-22471

HistoryJan 14, 2023 - 1:15 a.m.

CVE-2023-22471

2023-01-1401:15:14

CWE-639

[email protected]

web.nvd.nist.gov

deck

kanban

access control

attachments

nextcloud

upgrade

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

4.2

Confidence

High

EPSS

0.001

Percentile

33.4%

JSON

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is upgraded to 1.6.5 or 1.7.3 or 1.8.2.

Affected configurations

Nvd

Node

nextclouddeckRange<1.6.5

nextclouddeckRange1.7.0–1.7.3

nextclouddeckRange1.8.0–1.8.2

VendorProductVersionCPE
nextclouddeck*cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nextcloud	deck	*	cpe:2.3:a:nextcloud:deck::::::::

References

github.com/nextcloud/deck/pull/4173

github.com/nextcloud/security-advisories/security/advisories/GHSA-2vw5-pfg6-3wm6

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

4.2

Confidence

High

EPSS

0.001

Percentile

33.4%

JSON

Related for NVD:CVE-2023-22471

nextcloud1 osv1 hackerone1 prion1 cvelist1 cve1