CVE-2020-8179Improper Access Control in Deck

CWE-284Improper Access ControlCWE-269Improper Privilege Management3 documents3 sources
Severity
4.1MEDIUMNVD
EPSS
0.1%
top 66.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nextcloud Deck
Timeline
PublishedJul 2
Latest updateMay 24

Description

Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:NExploitability: 2.3 | Impact: 1.4

Affected Packages1 packages

NVDnextcloud/deck< 1.0.1

🔴Vulnerability Details

2
GHSA
GHSA-pm5m-m73v-cg3v: Improper access control in Nextcloud Deck 12022-05-24
CVEList
CVE-2020-8179: Improper access control in Nextcloud Deck 12020-07-02
CVE-2020-8179 — Improper Access Control in Deck | cvebase