CVE-2021-22913

Summary

Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user.

Affected Software

VendorProductVersion RangeStatus
n/aNextcloud DeckFixed in 1.2.7, 1.4.1affected

Weaknesses

  • CWE-200: Information Disclosure (CWE-200)

ADP Enrichment

CVE Program Container

Additional References

References