Описание
Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3. There are no known workarounds aside from upgrading.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- Permissions RequiredThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.9 (исключая)Версия от 1.3.0 (включая) до 1.4.5 (исключая)Версия от 1.5.0 (включая) до 1.5.3 (исключая)
Одно из
cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00269
Низкий
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-639
CWE-862
EPSS
Процентиль: 50%
0.00269
Низкий
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-639
CWE-862