CVE-2024-37883

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-37883
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/nextcloud/deck/pull/5423 Patch
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x45g-vx69-r9m8 Patch Third Party Advisory
https://hackerone.com/reports/2289333 Issue Tracking
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:-:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:beta1:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:beta2:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:beta3:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:beta4:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:beta5:*:*:*:*:*:*
History

19 Aug 2024, 16:00

Type Values Removed Values Added
CWE NVD-CWE-noinfo
References () https://github.com/nextcloud/deck/pull/5423 - () https://github.com/nextcloud/deck/pull/5423 - Patch
References () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x45g-vx69-r9m8 - () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x45g-vx69-r9m8 - Patch, Third Party Advisory
References () https://hackerone.com/reports/2289333 - () https://hackerone.com/reports/2289333 - Issue Tracking
First Time Nextcloud
Nextcloud deck
CPE cpe:2.3:a:nextcloud:deck:1.12.0:beta3:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:-:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:beta2:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:beta4:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:beta1:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:1.12.0:beta5:*:*:*:*:*:*

17 Jun 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) Nextcloud Deck es una herramienta de organización estilo kanban destinada a la planificación personal y organización de proyectos para equipos integrada con Nextcloud. Un usuario con acceso a un tablero pudo acceder a comentarios y archivos adjuntos de tarjetas ya eliminadas. Se recomienda actualizar la aplicación Nextcloud Deck a 1.6.6 o 1.7.5 o 1.8.7 o 1.9.6 o 1.11.3 o 1.12.1.

14 Jun 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-14 16:15

Updated : 2024-08-19 16:00

NVD link : CVE-2024-37883

Mitre link : CVE-2024-37883

CVE.ORG link : CVE-2024-37883

JSON object : View

Products Affected

nextcloud

  • deck
CWE
NVD-CWE-noinfo CWE-284

Improper Access Control


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024