PT-2023-18520 · Nextcloud · Deck
Nickvergessen
·
Published
2023-01-10
·
Updated
2023-01-14
·
CVE-2023-22469
CVSS v3.1
5.8
Medium
| Vector | AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Nextcloud app Deck versions prior to 1.8.2
Description
The issue affects Deck, a kanban style organization tool integrated with Nextcloud, used for personal planning and project organization for teams. When getting the reference preview for Deck cards the user has no access to, an unauthorized user could eventually get the cached data of a user that has access. There are currently no known workarounds.
Recommendations
For versions prior to 1.8.2, it is recommended that the Nextcloud app Deck is upgraded to 1.8.2.
Exploit
Fix
Insecure Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Deck