CVE-2023-22470

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that the Nextcloud Server is upgraded to 1.6.5 or 1.7.3 or 1.8.2.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:44

Type Values Removed Values Added
Summary
  • (es) Nextcloud Deck es una herramienta de organización estilo kanban destinada a la planificación personal y organización de proyectos para equipos integrada con Nextcloud. Se puede generar un error en la base de datos que podría causar un DoS cuando se realiza varias veces. Actualmente no se conocen workarounds. Se recomienda actualizar Nextcloud Server a 1.6.5, 1.7.3 o 1.8.2.
References () https://github.com/nextcloud/deck/pull/4059 - Patch, Third Party Advisory () https://github.com/nextcloud/deck/pull/4059 - Patch, Third Party Advisory
References () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-93j5-wx4c-6g88 - Third Party Advisory () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-93j5-wx4c-6g88 - Third Party Advisory
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 3.5

Information

Published : 2023-01-14 01:15

Updated : 2024-11-21 07:44


NVD link : CVE-2023-22470

Mitre link : CVE-2023-22470

CVE.ORG link : CVE-2023-22470


JSON object : View

Products Affected

nextcloud

  • deck
CWE
CWE-400

Uncontrolled Resource Consumption

CWE-20

Improper Input Validation