91 matches found
Code injection
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to a board of another user. The Nextcloud Deck app contains a patch for this issue in versions...
CVE-2022-24906 Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available...
CVE-2022-24906
CVE-2022-24906 affects Nextcloud Deck: an error in deleting deck card attachments reveals the full application path to unauthorized users. Documented impact is information disclosure (full path). Affected product: Nextcloud Deck (Nextcloud app); vulnerable component: deck attachment deletion flow...
CVE-2022-24906 Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available...
CVE-2022-29159 Possibility for anyone to add a stack with existing tasks on anyone's board in Nextcloud Deck
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to a board of another user. The Nextcloud Deck app contains a patch for this issue in versions...
CVE-2022-29159
CVE-2022-29159 affects Nextcloud Deck (Kanban tool for Nextcloud). In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to another user’s board (an IDOR-like issue). A patch exists in Deck versions 1.4.8, 1.5.6, and 1.6.1. Public deta...
CVE-2022-29159 Possibility for anyone to add a stack with existing tasks on anyone's board in Nextcloud Deck
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to a board of another user. The Nextcloud Deck app contains a patch for this issue in versions...
Nextcloud 安全漏洞
Nextcloud is an open source set of self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. Nextcloud Deck is vulnerable to an access control error in versions prior to 1.2.9, 1.4.5 and 1.5.3. The vulnerability stems from a lack of permission...
Nextcloud: When sharing a Deck card in conversation the metaData can be manipulated to open arbitrary URL
Summary: This report is similar to 1337178 In Nextcloud Deck a user can post their decks in to a conversation via nextcloud talk. The link in metaData can be manipulated to point to a another URL. Steps To Reproduce: 0. Setup burpsuite to proxy 1. Go to Nextcloud Deck and pick a board 2. Pick any...
CVE-2021-22913
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user...
Nextcloud Deck Access Control Error Vulnerability (CNVD-2021-12652)
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck before 1.0.2 that stems from an insecure direct object reference IDOR. An attacker could exploit the...
Nextcloud Deck 安全漏洞
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck before 1.0.2 that stems from an insecure direct object reference IDOR. An attacker could exploit the...
Nextcloud Deck Access Control Error Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck version 0.8.0, which stems from a failure of proper access control and can be exploited by an attacker to...
Nextcloud Deck Information Disclosure Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck 1.0.4, which stems from a lack of access control and can be exploited by an attacker to view all attachments...
CVE-2020-8235
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments...
CVE-2020-8235
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments...
Improper access control
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments...
CVE-2020-8182
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves...
CVE-2020-8182
CVE-2020-8182 affects Nextcloud Deck 0.8.0. Root cause: improper access control that permits a user to reshARE boards shared with them with greater permissions than they possess. Documents describe a missing server-side check on per-user sharing permissions, enabling an attacker to alter access (...
Nextcloud Deck Access Control Error Vulnerability
Nextcloud Deck is a Kanban-style organization tool developed by Nextcloud, Inc. designed for individual planning and project organization for teams integrated with Nextcloud. An access control vulnerability exists in Nextcloud Deck version 1.0.0. An attacker can exploit the vulnerability to injec...