CVE-2024-37883

Nextcloud Deck is a kanban-style organization tool for personal planning and team project organization, integrated with Nextcloud. A user with access to a Deck board was able to access the comments and attachments of cards that had already been deleted. It is recommended that the Nextcloud Deck app is upgraded to 1.6.6, 1.7.5, 1.8.7, 1.9.6, 1.11.3 or 1.12.1.
Configurations

Configuration 1

OR cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:-:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:beta1:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:beta2:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:beta3:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:beta4:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:beta5:*:*:*:*:*:*

History

19 Aug 2024, 16:00

Type Values Removed Values Added
CWE NVD-CWE-noinfo
References () https://github.com/nextcloud/deck/pull/5423 - () https://github.com/nextcloud/deck/pull/5423 - Patch
References () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x45g-vx69-r9m8 - () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x45g-vx69-r9m8 - Patch, Third Party Advisory
References () https://hackerone.com/reports/2289333 - () https://hackerone.com/reports/2289333 - Issue Tracking
First Time Nextcloud
Nextcloud deck
CPE cpe:2.3:a:nextcloud:deck:1.12.0:beta3:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:-:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:beta2:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:beta4:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:beta1:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:beta5:*:*:*:*:*:*

17 Jun 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) Nextcloud Deck es una herramienta de organización estilo kanban destinada a la planificación personal y organización de proyectos para equipos integrada con Nextcloud. Un usuario con acceso a un tablero pudo acceder a comentarios y archivos adjuntos de tarjetas ya eliminadas. Se recomienda actualizar la aplicación Nextcloud Deck a 1.6.6 o 1.7.5 o 1.8.7 o 1.9.6 o 1.11.3 o 1.12.1.

14 Jun 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-14 16:15

Updated : 2024-08-19 16:00


NVD link : CVE-2024-37883

Mitre link : CVE-2024-37883

CVE.ORG link : CVE-2024-37883



Products Affected

nextcloud

  • deck
CWE
NVD-CWE-noinfo CWE-284

Improper Access Control