VYPR
Unrated severityNVD Advisory· Published Jan 9, 2023· Updated Mar 10, 2025

Nextcloud Deck Desktop Client is vulnerable to Cross-Site Request Forgery (CSRF) via malicious link

CVE-2023-22472

Description

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. (e.g. in an email, chat link, etc). There are currently no known workarounds. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Nextcloud/Deckllm-fuzzy
  • nextcloud/security-advisoriesv5
    Range: <= 3.6.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.