6.5
CVE-2023-22470
- EPSS 0.25%
- Published 14.01.2023 01:15:13
- Last modified 21.11.2024 07:44:52
- Source security-advisories@github.com
Nextcloud Deck vulnerable to uncontrolled resource consumption
A missing character limit allows a database error to be generated
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that the Nextcloud Server is upgraded to 1.6.5 or 1.7.3 or 1.8.2.
Possible countermeasure
Deck: No workaround available
Data provided by the National Vulnerability Database (NVD)
Further vulnerability information
| System | Product | Version |
|---|---|---|
| Nextcloud App | Deck | >= 0.0.0, < 1.6.5 |
| Nextcloud App | Deck | >= 1.7.0, < 1.7.3 |
| Nextcloud App | Deck | >= 1.8.0, < 1.8.2 |

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.48 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| security-advisories@github.com | 3.5 | 2.1 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L |

CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.