CVE-2024-37883 — Improper Access Control in Deck

CWE-284 — Improper Access Control2 documents2 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 65.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Deck Nextcloud Security-advisories

Timeline

PublishedJun 14

Description

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDnextcloud/deck1.6.0 — 1.6.6+5

▶CVEListV5nextcloud/security-advisories6 versions+5

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

Nextcloud Deck can access comments and attachments of deleted cards↗2024-06-14

▶