Unrated severityNVD Advisory· Published Jan 9, 2023· Updated Mar 10, 2025
Nextcloud Deck Desktop Client is vulnerable to Cross-Site Request Forgery (CSRF) via malicious link
CVE-2023-22472
Description
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. (e.g. in an email, chat link, etc). There are currently no known workarounds. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- nextcloud/security-advisoriesv5Range: <= 3.6.1
Patches
Vulnerability mechanics
References
2- github.com/nextcloud/desktop/pull/5106mitrex_refsource_MISC
- github.com/nextcloud/security-advisories/security/advisories/GHSA-4gfv-xqpx-42qjmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.