4.3

CVE-2024-37883

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1.

Data is provided by the National Vulnerability Database (NVD)
NextcloudDeck Version >= 1.6.0 < 1.6.6
NextcloudDeck Version >= 1.7.0 < 1.7.5
NextcloudDeck Version >= 1.8.0 < 1.8.7
NextcloudDeck Version >= 1.9.0 < 1.9.6
NextcloudDeck Version >= 1.11.0 < 1.11.3
NextcloudDeck Version1.12.0 Update-
NextcloudDeck Version1.12.0 Updatebeta1
NextcloudDeck Version1.12.0 Updatebeta2
NextcloudDeck Version1.12.0 Updatebeta3
NextcloudDeck Version1.12.0 Updatebeta4
NextcloudDeck Version1.12.0 Updatebeta5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.11% 0.294
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.