VDB
CVE-2023-22472
CVE-2023-22472
PUBLISHED
CVSS 5.300000190734863 MEDIUM
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There are currently no known workarounds. It is recommended that the Nextcloud app Deck is upgraded to 1.8.2.
EPSS 0.10% · 28.0th percentile
Risk Scores
CVSS v3.1
5.300000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS Score
0.10%
28.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| nextcloud | security-advisories | <= 3.6.1, < 1.8.2 |
| nextcloud | desktop | 3.6.1, 3.6.1 |
Timeline
- CVE Published
- Jan 10, 2023 EPSS Score
- Jan 11, 2023 PoC Published
- Feb 20, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 12, 2023 EPSS Score
- Jun 22, 2023 EPSS Score
- Aug 2, 2023 EPSS Score
- Sep 12, 2023 EPSS Score
- Oct 23, 2023 EPSS Score
- Dec 3, 2023 EPSS Score
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wvr4-gc4c-6vmx advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4gfv-xqpx-42qj url
- https://github.com/nextcloud/desktop/pull/5106 url
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8fjp-w9gp-j5hq url
- https://github.com/nextcloud/deck/pull/4196 url