CVE-2023-22470

Опубликовано: 14 янв. 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 6.5

EPSS Низкий

Описание

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that the Nextcloud Server is upgraded to 1.6.5 or 1.7.3 or 1.8.2.

Ссылки

https://github.com/nextcloud/deck/pull/4059
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-93j5-wx4c-6g88
Third Party Advisory
https://github.com/nextcloud/deck/pull/4059
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-93j5-wx4c-6g88
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*

Версия до 1.6.5 (исключая)

cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*

Версия от 1.7.0 (включая) до 1.7.3 (исключая)

cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*

Версия от 1.8.0 (включая) до 1.8.2 (исключая)

EPSS

Процентиль: 52%

0.00292

Низкий

3.5 Low

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-400

CWE-20

EPSS

Процентиль: 52%

0.00292

Низкий

3.5 Low

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-400

CWE-20