CVE-2024-37883

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is...

CVE-2024-37883 Nextcloud Deck can access comments and attachments of deleted cards

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is...

Nextcloud Security Breach

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck versions prior to 1.6.6, prior to 1.7.5, prior to 1.8.7, prior to 1.9.6, prior to 1.11.3, and prior to...

PT-2024-27809 · Nextcloud · Nextcloud Deck

Name of the Vulnerable Software and Affected Versions: Nextcloud Deck versions prior to 1.6.6 Nextcloud Deck versions prior to 1.7.5 Nextcloud Deck versions prior to 1.8.7 Nextcloud Deck versions prior to 1.9.6 Nextcloud Deck versions prior to 1.11.3 Nextcloud Deck versions prior to 1.12.1...

Nextcloud: Easy way to create a new Deck board without permission

A vulnerability was discovered that allowed users to create new boards without permission. The vulnerability involved cloning an existing board and renaming it, bypassing the restrictions set by the admin to limit board creation to specific groups...

Nextcloud: Deck app allows to spoof file extensions by using RTLO characters

The Deck app was found to allow spoofing of file extensions by using RTLO characters...

CVE-2024-22213 Cross-site Scripting when sending HTML as a comment in the Nextcloud Deck app

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the...

Self XSS when sending HTML as a comment in the Deck app

None...

SUSE CVE-2019-15619

Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project...

CVE-2023-22471 Nextcloud Deck vulnerable to authorization bypass

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is...

CVE-2023-22470 Nextcloud Deck vulnerable to uncontrolled resource consumption

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that t...

CVE-2023-22470 Nextcloud Deck vulnerable to uncontrolled resource consumption

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that t...

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck versions prior to 1.6.5, 1.7.x versions prior to 1.7.3, and 1.8.x versions prior to 1.8.2, which stems fr...

PT-2023-18522 · Nextcloud · Nextcloud Deck

Name of the Vulnerable Software and Affected Versions: Nextcloud Deck versions prior to 1.6.5 Nextcloud Deck versions prior to 1.7.3 Nextcloud Deck versions prior to 1.8.2 Description: Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams...

CVE-2023-22469 Nextcloud Deck card vulnerable to data leak to unauthorized users via reference preview cache

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There ar...

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions prior to Nextcloud Deck 1.8.2 that stems from the fact that when obtaining a reference preview of a Deck card t...

PT-2023-18520 · Nextcloud · Deck

Name of the Vulnerable Software and Affected Versions: Nextcloud app Deck versions prior to 1.8.2 Description: The issue affects Deck, a kanban style organization tool integrated with Nextcloud, used for personal planning and project organization for teams. When getting the reference preview for...

CVE-2023-22472 Nextcloud Deck Desktop Client is vulnerable to Cross-Site Request Forgery (CSRF) via malicious link

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. e.g. in an email, chat link...

Possibility to delete files attached to deck cards of other users

None...

Path traversal

Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available...