CVE-2023-22470Uncontrolled Resource Consumption in Deck

CWE-400Uncontrolled Resource ConsumptionCWE-20Improper Input Validation2 documents2 sources
Severity
6.5MEDIUMNVD
CNA3.5
EPSS
0.2%
top 51.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud DeckNextcloud Security-advisories
Timeline
PublishedJan 14

Description

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that the Nextcloud Server is upgraded to 1.6.5 or 1.7.3 or 1.8.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDnextcloud/deck1.7.01.7.3+2
CVEListV5nextcloud/security-advisories>= 1.6.0, < 1.6.5, >= 1.7.0, < 1.7.3, >= 1.8.0, < 1.8.2+2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
CVEList
Nextcloud Deck vulnerable to uncontrolled resource consumption2023-01-14
CVE-2023-22470 — Uncontrolled Resource Consumption | cvebase