← Voltar para CVEs
CVE-2024-37883
MEDIUM4.3
Descricao
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1.
Detalhes CVE
Pontuacao CVSS v3.14.3
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado6/14/2024
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
nextcloud:deck
Fraquezas (CWE)
CWE-284
Referencias
https://github.com/nextcloud/deck/pull/5423(security-advisories@github.com)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x45g-vx69-r9m8(security-advisories@github.com)
https://hackerone.com/reports/2289333(security-advisories@github.com)
https://github.com/nextcloud/deck/pull/5423(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x45g-vx69-r9m8(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/2289333(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.