Vulnerability Details CVE-2022-24906
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.1%
CVSS Severity
CVSS v3 Score 3.5
CVSS v2 Score 4.0
References
- https://github.com/nextcloud/deck/pull/3384
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hx9w-xfrg-2qvp
- https://hackerone.com/reports/1354334
- https://github.com/nextcloud/deck/pull/3384
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hx9w-xfrg-2qvp
- https://hackerone.com/reports/1354334
Products affected by CVE-2022-24906
-
cpe:2.3:a:nextcloud:deck:0.1.0
-
cpe:2.3:a:nextcloud:deck:0.1.1
-
cpe:2.3:a:nextcloud:deck:0.1.2
-
cpe:2.3:a:nextcloud:deck:0.1.3
-
cpe:2.3:a:nextcloud:deck:0.1.4
-
cpe:2.3:a:nextcloud:deck:0.2.0
-
cpe:2.3:a:nextcloud:deck:0.2.1
-
cpe:2.3:a:nextcloud:deck:0.2.2
-
cpe:2.3:a:nextcloud:deck:0.2.3
-
cpe:2.3:a:nextcloud:deck:0.2.4
-
cpe:2.3:a:nextcloud:deck:0.2.5
-
cpe:2.3:a:nextcloud:deck:0.2.6
-
cpe:2.3:a:nextcloud:deck:0.2.7
-
cpe:2.3:a:nextcloud:deck:0.2.8
-
cpe:2.3:a:nextcloud:deck:0.3.0
-
cpe:2.3:a:nextcloud:deck:0.3.1
-
cpe:2.3:a:nextcloud:deck:0.4.0
-
cpe:2.3:a:nextcloud:deck:0.4.1
-
cpe:2.3:a:nextcloud:deck:0.5.0
-
cpe:2.3:a:nextcloud:deck:0.5.1
-
cpe:2.3:a:nextcloud:deck:0.5.2
-
cpe:2.3:a:nextcloud:deck:0.6.0
-
cpe:2.3:a:nextcloud:deck:0.6.1
-
cpe:2.3:a:nextcloud:deck:0.6.2
-
cpe:2.3:a:nextcloud:deck:0.6.3
-
cpe:2.3:a:nextcloud:deck:0.6.4
-
cpe:2.3:a:nextcloud:deck:0.6.5
-
cpe:2.3:a:nextcloud:deck:0.6.6
-
cpe:2.3:a:nextcloud:deck:0.7.0
-
cpe:2.3:a:nextcloud:deck:0.8.0
-
cpe:2.3:a:nextcloud:deck:0.8.1
-
cpe:2.3:a:nextcloud:deck:0.8.2
-
cpe:2.3:a:nextcloud:deck:0.8.3
-
cpe:2.3:a:nextcloud:deck:1.0.0
-
cpe:2.3:a:nextcloud:deck:1.0.1
-
cpe:2.3:a:nextcloud:deck:1.0.2
-
cpe:2.3:a:nextcloud:deck:1.0.3
-
cpe:2.3:a:nextcloud:deck:1.0.4
-
cpe:2.3:a:nextcloud:deck:1.0.5
-
cpe:2.3:a:nextcloud:deck:1.1.0
-
cpe:2.3:a:nextcloud:deck:1.1.1
-
cpe:2.3:a:nextcloud:deck:1.1.2
-
cpe:2.3:a:nextcloud:deck:1.2.0
-
cpe:2.3:a:nextcloud:deck:1.2.1
-
cpe:2.3:a:nextcloud:deck:1.2.10
-
cpe:2.3:a:nextcloud:deck:1.2.2
-
cpe:2.3:a:nextcloud:deck:1.2.3
-
cpe:2.3:a:nextcloud:deck:1.2.4
-
cpe:2.3:a:nextcloud:deck:1.2.5
-
cpe:2.3:a:nextcloud:deck:1.2.6
-
cpe:2.3:a:nextcloud:deck:1.2.7
-
cpe:2.3:a:nextcloud:deck:1.2.8
-
cpe:2.3:a:nextcloud:deck:1.2.9
-
cpe:2.3:a:nextcloud:deck:1.4.0
-
cpe:2.3:a:nextcloud:deck:1.4.1
-
cpe:2.3:a:nextcloud:deck:1.4.2
-
cpe:2.3:a:nextcloud:deck:1.4.3
-
cpe:2.3:a:nextcloud:deck:1.4.4
-
cpe:2.3:a:nextcloud:deck:1.4.5
-
cpe:2.3:a:nextcloud:deck:1.5.0
-
cpe:2.3:a:nextcloud:deck:1.5.1
-
cpe:2.3:a:nextcloud:deck:1.5.3