← Zuruck zu CVEs
CVE-2024-22213
NONE0.0
Beschreibung
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck is upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability.
CVE Details
CVSS v3.1 Bewertung0.0
SchweregradNONE
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht1/18/2024
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
nextcloud:deck
Schwachen (CWE)
CWE-79CWE-79
Referenzen
https://github.com/nextcloud/deck/commit/91f1557362047f8840f53151f176b80148650bcd(security-advisories@github.com)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mg7w-x9fm-9wwc(security-advisories@github.com)
https://hackerone.com/reports/2058556(security-advisories@github.com)
https://github.com/nextcloud/deck/commit/91f1557362047f8840f53151f176b80148650bcd(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mg7w-x9fm-9wwc(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/2058556(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.