Unrated severityNVD Advisory· Published Jan 14, 2023· Updated Mar 10, 2025
Nextcloud Deck vulnerable to authorization bypass
CVE-2023-22471
Description
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is upgraded to 1.6.5 or 1.7.3 or 1.8.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- nextcloud/security-advisoriesv5Range: >= 1.60, < 1.6.5
Patches
Vulnerability mechanics
References
2- github.com/nextcloud/deck/pull/4173mitrex_refsource_MISC
- github.com/nextcloud/security-advisories/security/advisories/GHSA-2vw5-pfg6-3wm6mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.