CVE-2022-24906Sensitive Information Exposure in Security-advisories

CWE-200Sensitive Information ExposureCWE-209Information Exposure via Error Message2 documents2 sources
Severity
4.3MEDIUMNVD
CNA3.5
EPSS
0.3%
top 49.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud Deck
Timeline
PublishedMay 20

Description

Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/deck1.4.01.4.6+2
CVEListV5nextcloud/security-advisories< 1.2.11+2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
CVEList
Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck2022-05-20
CVE-2022-24906 — Sensitive Information Exposure | cvebase