CVE-2024-37883

June 14, 2024, 4:15 p.m.

4.3
Medium

Description

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1.

Product(s) Impacted

Product Versions
Nextcloud Deck
  • ['1.6.6', '1.7.5', '1.8.7', '1.9.6', '1.11.3', '1.12.1']

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://github.com/nextcloud/deck/pull/5423
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x45g-vx69-r9m8
https://hackerone.com/reports/2289333

Tags

CWE-284
security-advisories@github.com
2024-06-14
CVE-2024-37883

CVSS Score

4.3 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: NONE
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

    View Vector String

Timeline

Published: June 14, 2024, 4:15 p.m.
Last Modified: June 14, 2024, 4:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.