VYPR
Unrated severityNVD Advisory· Published Oct 25, 2021· Updated Aug 4, 2024

Missing permission check on Deck API

CVE-2021-39225

Description

Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3. There are no known workarounds aside from upgrading.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Nextcloud/Deckllm-fuzzy
    Range: <1.2.9, <1.4.5, <1.5.3
  • nextcloud/security-advisoriesv5
    Range: < 1.2.9

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.