Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-22472
HistoryJan 09, 2023 - 2:15 p.m.

Code injection

2023-01-0914:15:00
PRIOn knowledge base
www.prio-n.com
8
deck
kanban
vulnerability
code injection
nextcloud
desktop client
upgrade
windows
post request

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.1%

JSON

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. (e.g. in an email, chat link, etc). There are currently no known workarounds. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.2.

CPENameOperatorVersion
desktopeq3.6.1

Related

nextcloud 1
nvd 1
cve 1
alpinelinux 1
veracode 1
osv 1
cvelist 1
hackerone 1
nextcloud
nextcloud
CSRF vulnerability in Nextcloud Desktop Client on Windows when clicking malicious link
2023-01-09 05:49:17
nvd
nvd
CVE-2023-22472
2023-01-09 14:15:10
cve
cve
CVE-2023-22472
2023-01-09 14:15:10
alpinelinux
alpinelinux
CVE-2023-22472
2023-01-09 14:15:10
veracode
veracode
Cross-Site Request Forgery (CSRF)
2023-05-15 02:20:05
osv
osv
CVE-2023-22472
2023-01-09 14:15:10
cvelist
cvelist
CVE-2023-22472 Nextcloud Deck Desktop Client is vulnerable to Cross-Site Request Forgery (CSRF) via malicious link
2023-01-09 13:54:53
hackerone
hackerone
Nextcloud: CSRF vulnerability in Nextcloud Desktop Client 3.6.1 on Windows when clicking malicious link
2022-10-18 18:36:38

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.1%

JSON
Related for PRION:CVE-2023-22472
nextcloud1nvd1cve1alpinelinux1veracode1osv1cvelist1hackerone1