Deck Security Vulnerabilities and Issues — Deck CVE List

Lucene search

NextcloudDeck

4 matches found

CVE•added 2021/10/25 10:15 p.m.•45 views

CVE-2021-39225

Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3. The...

8.1CVSS7.9AI score0.00205EPSS

CVE•added 2021/09/07 8:15 p.m.•42 views

CVE-2021-37631

Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions the Deck application didn't properly check membership of users in a Circle. This allowed other users in the instance to gain access to ...

6.5CVSS6.7AI score0.00289EPSS

CVE•added 2021/02/23 7:15 p.m.•39 views

CVE-2020-8297

Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user.

4.3CVSS4.5AI score0.00233EPSS

CVE•added 2021/06/11 4:15 p.m.•37 views

CVE-2021-22913

Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user.

6.5CVSS6.1AI score0.00652EPSS