Unrated severityNVD Advisory· Published May 20, 2022· Updated Apr 22, 2025
Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck
CVE-2022-24906
Description
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- nextcloud/security-advisoriesv5Range: < 1.2.11
Patches
Vulnerability mechanics
References
3- github.com/nextcloud/deck/pull/3384mitrex_refsource_MISC
- github.com/nextcloud/security-advisories/security/advisories/GHSA-hx9w-xfrg-2qvpmitrex_refsource_CONFIRM
- hackerone.com/reports/1354334mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.