CVE-2023-22471 Nextcloud Deck vulnerable to authorization bypass

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is...

CVE-2023-22471

CVE-2023-22471 affects Nextcloud Deck (Nextcloud Deck app) and is caused by broken access control that allows a user to delete attachments of other users. Public docs list vulnerable versions: Deck app prior to 1.6.5, prior to 1.7.3, and prior to 1.8.2. Impact is deletion of attachments across ca...

CVE-2023-22470 Nextcloud Deck vulnerable to uncontrolled resource consumption

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that t...

CVE-2023-22470 Nextcloud Deck vulnerable to uncontrolled resource consumption

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that t...

CVE-2023-22470

CVE-2023-22470 affects Nextcloud Deck (kanban tool) used with Nextcloud. The vulnerability is a database error that can be exploited to cause a denial of service when the action is repeated; no specific exploitation steps are provided in the documents. Impact is described as potential DoS with mu...

CVE-2023-22470 Nextcloud Deck vulnerable to uncontrolled resource consumption

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that t...

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck versions prior to 1.6.5, 1.7.x versions prior to 1.7.3, and 1.8.x versions prior to 1.8.2, which stems fr...

PT-2023-18522 · Nextcloud · Nextcloud Deck

Name of the Vulnerable Software and Affected Versions: Nextcloud Deck versions prior to 1.6.5 Nextcloud Deck versions prior to 1.7.3 Nextcloud Deck versions prior to 1.8.2 Description: Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams...

Nextcloud: Existance of calendars and addressbooks can be checked by unauthenticated users

Vulnerability description not provided...

CVE-2023-22469

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There ar...

Code injection

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There ar...

CVE-2023-22469 Nextcloud Deck card vulnerable to data leak to unauthorized users via reference preview cache

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There ar...

CVE-2023-22469

CVE-2023-22469 affects Nextcloud Deck (Deck app for Nextcloud), where unauthorized users can access cached data when obtaining a reference preview for a Deck card to which they have no access. Root cause is leakage via the reference preview cache, enabling data exposure of another user’s cards. A...

CVE-2023-22469 Nextcloud Deck card vulnerable to data leak to unauthorized users via reference preview cache

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There ar...

CVE-2023-22469 Nextcloud Deck card vulnerable to data leak to unauthorized users via reference preview cache

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There ar...

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions prior to Nextcloud Deck 1.8.2 that stems from the fact that when obtaining a reference preview of a Deck card t...

PT-2023-18520 · Nextcloud · Deck

Name of the Vulnerable Software and Affected Versions: Nextcloud app Deck versions prior to 1.8.2 Description: The issue affects Deck, a kanban style organization tool integrated with Nextcloud, used for personal planning and project organization for teams. When getting the reference preview for...

CVE-2023-22473

Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no...

Code injection

Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no...

CVE-2023-22472

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. e.g. in an email, chat link...