PT-2021-22476 · Nextcloud · Nextcloud Deck

Lukas Reschke · Published 2021-10-25 · Updated 2022-04-25 · CVE-2021-39225

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Nextcloud Deck versions prior to 1.2.9
Nextcloud Deck versions prior to 1.4.5
Nextcloud Deck versions prior to 1.5.3

Description

A missing permission check in Nextcloud Deck allows an authenticated user to access another user's Deck cards.

Recommendations

For Nextcloud Deck versions prior to 1.2.9, upgrade to version 1.2.9.
For Nextcloud Deck versions prior to 1.4.5, upgrade to version 1.4.5.
For Nextcloud Deck versions prior to 1.5.3, upgrade to version 1.5.3.

Fix

Missing Authorization

IDOR

Weakness Enumeration

Related Identifiers

CVE-2021-39225
GHSA-2X96-38QG-3M72

Affected Products

Nextcloud Deck