CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
AI Score
Confidence
High
EPSS
Percentile
33.4%
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is upgraded to 1.6.5 or 1.7.3 or 1.8.2.
[
{
"vendor": "nextcloud",
"product": "security-advisories",
"versions": [
{
"version": ">= 1.60, < 1.6.5",
"status": "affected"
},
{
"version": ">= 1.7.0, < 1.7.3",
"status": "affected"
},
{
"version": ">= 1.8.0, < 1.8.2",
"status": "affected"
}
]
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
AI Score
Confidence
High
EPSS
Percentile
33.4%