CVE-2023-22471

Опубликовано: 14 янв. 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 4.3

EPSS Низкий

Описание

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is upgraded to 1.6.5 or 1.7.3 or 1.8.2.

Ссылки

https://github.com/nextcloud/deck/pull/4173
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vw5-pfg6-3wm6
Third Party Advisory
https://github.com/nextcloud/deck/pull/4173
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vw5-pfg6-3wm6
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*

Версия до 1.6.5 (исключая)

cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*

Версия от 1.7.0 (включая) до 1.7.3 (исключая)

cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*

Версия от 1.8.0 (включая) до 1.8.2 (исключая)

EPSS

Процентиль: 29%

0.00106

Низкий

3.5 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-639

EPSS

Процентиль: 29%

0.00106

Низкий

3.5 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-639