4.3

CVE-2024-37883

Nextcloud Deck can access comments and attachments of deleted cards

Can access comments and attachments of deleted cards

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1.
Mögliche Gegenmaßnahme
Deck: * Disable Deck app
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NextcloudDeck Version >= 1.6.0 < 1.6.6
NextcloudDeck Version >= 1.7.0 < 1.7.5
NextcloudDeck Version >= 1.8.0 < 1.8.7
NextcloudDeck Version >= 1.9.0 < 1.9.6
NextcloudDeck Version >= 1.11.0 < 1.11.3
NextcloudDeck Version1.12.0 Update-
NextcloudDeck Version1.12.0 Updatebeta1
NextcloudDeck Version1.12.0 Updatebeta2
NextcloudDeck Version1.12.0 Updatebeta3
NextcloudDeck Version1.12.0 Updatebeta4
NextcloudDeck Version1.12.0 Updatebeta5
Weitere Schwachstelleninformationen
SystemNextcloud App
Produkt Deck
Version >= 1.12.0, < 1.12.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.345
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.