91 matches found

Prion
added 2022/05/20 4:15 p.m. | 17 views

Code injection

Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to a board of another user. The Nextcloud Deck app contains a patch for this issue in versions...

CVSS 4 | AI score 4.4 | EPSS 0.00917
Exploits 1 | References 3 | Affected Software 1

Vulnrichment
added 2022/05/20 3:40 p.m. | 7 views

CVE-2022-24906 Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck

Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available...

CVSS 3.5 | AI score 5 | EPSS 0.01013
Exploits 1 | References 3

CVE
added 2022/05/20 3:40 p.m. | 92 views

CVE-2022-24906

CVE-2022-24906 affects Nextcloud Deck: an error in deleting deck card attachments reveals the full application path to unauthorized users. Documented impact is information disclosure (full path). Affected product: Nextcloud Deck (Nextcloud app); vulnerable component: deck attachment deletion flow...

CVSS 4.3 | AI score 4.3 | EPSS 0.01013
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2022/05/20 3:40 p.m. | 27 views

CVE-2022-24906 Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck

Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available...

CVSS 3.5 | AI score 4.9 | EPSS 0.01013
Exploits 1 | References 3

Cvelist
added 2022/05/20 3:40 p.m. | 26 views

CVE-2022-29159 Possibility for anyone to add a stack with existing tasks on anyone's board in Nextcloud Deck

Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to a board of another user. The Nextcloud Deck app contains a patch for this issue in versions...

CVSS 5 | AI score 5.3 | EPSS 0.00917
Exploits 1 | References 3

CVE
added 2022/05/20 3:40 p.m. | 74 views

CVE-2022-29159

CVE-2022-29159 affects Nextcloud Deck (Kanban tool for Nextcloud). In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to another user’s board (an IDOR-like issue). A patch exists in Deck versions 1.4.8, 1.5.6, and 1.6.1. Public deta...

CVSS 5 | AI score 4.5 | EPSS 0.00917
Exploits 1 | References 3 | Affected Software 1

Vulnrichment
added 2022/05/20 3:40 p.m. | 7 views

CVE-2022-29159 Possibility for anyone to add a stack with existing tasks on anyone's board in Nextcloud Deck

Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to a board of another user. The Nextcloud Deck app contains a patch for this issue in versions...

CVSS 5 | AI score 5.3 | EPSS 0.00917
Exploits 1 | References 3

CNNVD
added 2021/10/25 12:0 a.m. | 3 views

Nextcloud Security Vulnerability

Nextcloud is an open source set of self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. Nextcloud Deck is vulnerable to an access control error in versions prior to 1.2.9, 1.4.5 and 1.5.3. The vulnerability stems from a lack of permission...

CVSS 8.1 | AI score 5.6 | EPSS 0.01293
Exploits 0 | References 5

Hacker One
added 2021/10/05 7:33 a.m. | 40 views

Nextcloud: When sharing a Deck card in conversation the metaData can be manipulated to open arbitrary URL

Summary: This report is similar to 1337178. In Nextcloud Deck a user can post their decks into a conversation via Nextcloud Talk. The link in metaData can be manipulated to point to another URL. Steps To Reproduce: 0. Set up Burp Suite to proxy 1. Go to Nextcloud Deck and pick a board 2. Pick any...

CVSS 5.8 | AI score 0.4 | EPSS 0.00897
Exploits 1

Cvelist
added 2021/06/11 3:49 p.m. | 19 views

CVE-2021-22913

Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user...

AI score 6.4 | EPSS 0.01368
Exploits 0 | References 2

CNVD
added 2021/02/25 12:0 a.m. | 8 views

Nextcloud Deck Access Control Error Vulnerability (CNVD-2021-12652)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck before 1.0.2 that stems from an insecure direct object reference (IDOR). An attacker could exploit the...

CVSS 4.3 | AI score 6.5 | EPSS 0.01339
Exploits 1 | References 1

CNNVD
added 2021/02/23 12:0 a.m. | 8 views

Nextcloud Deck Security Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck before 1.0.2 that stems from an insecure direct object reference (IDOR). An attacker could exploit the...

CVSS 4.3 | AI score 5.8 | EPSS 0.01339
Exploits 1 | References 4

CNVD
added 2020/10/20 12:0 a.m. | 4 views

Nextcloud Deck Access Control Error Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck version 0.8.0, which stems from a failure of proper access control and can be exploited by an attacker to...

CVSS 8 | AI score 6.8 | EPSS 0.01035
Exploits 1 | References 1

CNVD
added 2020/10/20 12:0 a.m. | 4 views

Nextcloud Deck Information Disclosure Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck 1.0.4, which stems from a lack of access control and can be exploited by an attacker to view all attachments...

CVSS 4.3 | AI score 6.8 | EPSS 0.00781
Exploits 1 | References 1

NVD
added 2020/10/05 2:15 p.m. | 32 views

CVE-2020-8235

Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments...

CVSS 4.3 | EPSS 0.00781
Exploits 1 | References 2

OSV
added 2020/10/05 2:15 p.m. | 13 views

CVE-2020-8235

Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments...

CVSS 4.3 | AI score 6.7
Exploits 0 | References 2

Prion
added 2020/10/05 2:15 p.m. | 15 views

Improper access control

Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments...

CVSS 4 | AI score 4.6 | EPSS 0.00781
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2020/10/05 1:17 p.m. | 28 views

CVE-2020-8182

Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves...

AI score 7.8 | EPSS 0.01035
Exploits 1 | References 2

CVE
added 2020/10/05 1:17 p.m. | 52 views

CVE-2020-8182

CVE-2020-8182 affects Nextcloud Deck 0.8.0. Root cause: improper access control that permits a user to reshare boards shared with them with greater permissions than they possess. Documents describe a missing server-side check on per-user sharing permissions, enabling an attacker to alter access (...

CVSS 8 | AI score 7.7 | EPSS 0.01035
Exploits 1 | References 2 | Affected Software 1

CNVD
added 2020/07/03 12:0 a.m. | 7 views

Nextcloud Deck Access Control Error Vulnerability

Nextcloud Deck is a Kanban-style organization tool developed by Nextcloud, Inc. designed for individual planning and project organization for teams integrated with Nextcloud. An access control vulnerability exists in Nextcloud Deck version 1.0.0. An attacker can exploit the vulnerability to injec...

CVSS 4.1 | AI score 6.6 | EPSS 0.00636
Exploits 0 | References 1