CVE-2023-22470

Summary

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that the Nextcloud Server is upgraded to 1.6.5 or 1.7.3 or 1.8.2.

Affected Software

VendorProductVersion RangeStatus
nextcloudsecurity-advisories>= 1.6.0, < 1.6.5affected
nextcloudsecurity-advisories>= 1.7.0, < 1.7.3affected
nextcloudsecurity-advisories>= 1.8.0, < 1.8.2affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References