Unrated severityNVD Advisory· Published Jun 14, 2024· Updated Aug 2, 2024
Nextcloud Deck can access comments and attachments of deleted cards
CVE-2024-37883
Description
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- nextcloud/security-advisoriesv5Range: >= 1.6.0, < 1.6.6
Patches
Vulnerability mechanics
References
3- github.com/nextcloud/deck/pull/5423mitrex_refsource_MISC
- github.com/nextcloud/security-advisories/security/advisories/GHSA-x45g-vx69-r9m8mitrex_refsource_CONFIRM
- hackerone.com/reports/2289333mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.