CVE-2023-22471

2023-01-1401:15:14

CWE-639

GitHub_M

web.nvd.nist.gov

deck

nextcloud

kanban

organization

broken access control

cve-2023-22471

nvd

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

33.4%

JSON

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is upgraded to 1.6.5 or 1.7.3 or 1.8.2.

Affected configurations

Nvd

Vulners

Node

nextclouddeckRange<1.6.5

nextclouddeckRange1.7.0–1.7.3

nextclouddeckRange1.8.0–1.8.2

VendorProductVersionCPE
nextclouddeck*cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nextcloud	deck	*	cpe:2.3:a:nextcloud:deck::::::::

CNA Affected

[
  {
    "vendor": "nextcloud",
    "product": "security-advisories",
    "versions": [
      {
        "version": ">= 1.60, < 1.6.5",
        "status": "affected"
      },
      {
        "version": ">= 1.7.0, < 1.7.3",
        "status": "affected"
      },
      {
        "version": ">= 1.8.0, < 1.8.2",
        "status": "affected"
      }
    ]
  }
]