Code injection
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. e.g. in an email, chat link...
CVE-2023-22473 Passcode bypass on Talk-Android app
Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no...
CVE-2023-22473
CVE-2023-22473 affects the Nextcloud Talk Android app. The vulnerability is a passcode bypass that allows access to a user’s Nextcloud files and conversations when an attacker has physical access to the target device. The root cause is exposed by the described bypass in Talk Android, enabling exp...
CVE-2023-22472 Nextcloud Deck Desktop Client is vulnerable to Cross-Site Request Forgery (CSRF) via malicious link
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. e.g. in an email, chat link...
CVE-2023-22472
CVE-2023-22472 affects the Nextcloud Deck integration with the Nextcloud Desktop Client. The issue is a Cross-Site Request Forgery (CSRF) vulnerability that enables an attacker to induce a user to send a POST request with an arbitrary body by clicking a malicious deep link on Windows. Multiple so...
CVE-2023-22472
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. e.g. in an email, chat link...
Passcode bypass on Talk Android app
CSRF vulnerability in Nextcloud Desktop Client on Windows when clicking malicious link
Possibility to delete files attached to deck cards of other users
Missing character limitation allows generating a database error
Deck card reference caching can leak data to unauthorized users
Vulnerable moment-timezone version shipped
PT-2023-18524 · Nextcloud · Nextcloud Desktop Client
Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop client versions prior to 3.6.2 Description: The issue affects Deck, a kanban style organization tool integrated with Nextcloud, allowing an attacker to make a user send any POST request with an arbitrary body if they click o...
Nextcloud Talk access control error vulnerability
Nextcloud Talk is a self-hosted local audio/video and chat communication service from Nextcloud Germany. An access control error vulnerability exists in Nextcloud Talk. An attacker could use this vulnerability to access a user's Nextcloud files and view conversations...
Deck cross-site request forgery vulnerability
Deck is a Kanban style organization tool. Designed for personal planning and project organization for teams integrating with Nextcloud. Deck suffers from a cross-site request forgery vulnerability. An attacker exploiting this vulnerability could send any POST request using an arbitrary body...
PT-2023-18525 · Nextcloud · Nextcloud Talk Android
Name of the Vulnerable Software and Affected Versions: Nextcloud Talk Android app versions prior to 15.0.2 Description: The issue allows an attacker to bypass the passcode, gaining access to the user's Nextcloud files and conversations. This can be exploited with physical access to the target...