Vulnerability Description
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Deck | < 1.2.11 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/deck/pull/3384 (Issue Tracking, Patch, Third Party Advisory)
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hx9w-x (Exploit, Issue Tracking, Third Party Advisory)
- https://hackerone.com/reports/1354334 (Exploit, Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2022-24906?
CVE-2022-24906 is a vulnerability with a CVSS score of 3.5 (LOW). Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Next...
How severe is CVE-2022-24906?
CVE-2022-24906 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-24906?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Deck.