CVE-2025-66557

Опубликовано: 05 дек. 2025

Источник: nvd

CVSS3: 5.4

CVSS3: 4.3

EPSS Низкий

Описание

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This vulnerability is fixed in 1.14.6 and 1.15.2.

Ссылки

https://github.com/nextcloud/deck/commit/f1da8b30a455f02373d44154da04494c949a95ae
Patch
https://github.com/nextcloud/deck/pull/7131
Issue Tracking
Patch
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wwr8-hx9g-rjvv
Patch
Vendor Advisory
https://hackerone.com/reports/3247499
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*

Версия от 1.14.0 (включая) до 1.14.6 (исключая)

cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*

Версия от 1.15.0 (включая) до 1.15.2 (исключая)

EPSS

Процентиль: 1%

0.00012

Низкий

5.4 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo

EPSS

Процентиль: 1%

0.00012

Низкий

5.4 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo