PT-2023-18524 · Nextcloud · Nextcloud Desktop Client

Nickvergessen · Published 2023-01-09 · Updated 2023-01-13 · CVE-2023-22472

CVSS v3.1: 5.3 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop client versions prior to 3.6.2

Description: The issue affects Deck, a kanban-style organization tool integrated with Nextcloud. It allows an attacker to make a user send any POST request with an arbitrary body if the user clicks on a malicious deep link on a Windows computer. Such a link could be delivered through various means, such as email or chat messages. There are no known workarounds for this issue.

Recommendations: For versions prior to 3.6.2, upgrade the Nextcloud Desktop client to version 3.6.2 to resolve the issue. As a temporary workaround, consider avoiding the use of deep links from untrusted sources until the upgrade is applied.

Exploit · Fix · CSRF

Weakness Enumeration

Related Identifiers

CVE-2023-22472
GHSA-4GFV-XQPX-42QJ

Affected Products

Nextcloud Desktop Client