PT-2022-19420 · Nextcloud · Nextcloud Deck

Supr4S

Published

2022-05-20

Updated

2022-06-02

CVE-2022-29159

CVSS v3.1

5.0

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Deck versions prior to 1.4.8 Nextcloud Deck versions prior to 1.5.6 Nextcloud Deck versions prior to 1.6.1

Description Nextcloud Deck is a Kanban-style project and personal management tool for Nextcloud. In affected versions, an authenticated user can move stacks with cards from their own board to a board of another user.

Recommendations For versions prior to 1.4.8, update to version 1.4.8 or later. For versions prior to 1.5.6, update to version 1.5.6 or later. For versions prior to 1.6.1, update to version 1.6.1 or later.

Exploit

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2022-29159

GHSA-VQHF-673W-7R3J

Affected Products

Nextcloud Deck

PT-2022-19420 · Nextcloud · Nextcloud Deck

CVE-2022-29159

Weakness Enumeration

Related Identifiers

Affected Products

References · 7