Lucene search

GoogleOSV:CVE-2024-22213

HistoryJan 18, 2024 - 8:15 p.m.

CVE-2024-22213

2024-01-1820:15:08

Google

osv.dev

nextcloud

kanban

html

vulnerability

upgrade

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

20.0%

JSON

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck is upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability.

References

github.com/nextcloud/deck/commit/91f1557362047f8840f53151f176b80148650bcd

github.com/nextcloud/security-advisories/security/advisories/GHSA-mg7w-x9fm-9wwc

hackerone.com/reports/2058556