CVE-2023-22471

Summary

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is upgraded to 1.6.5 or 1.7.3 or 1.8.2.

Affected Software

VendorProductVersion RangeStatus
nextcloudsecurity-advisories>= 1.60, < 1.6.5affected
nextcloudsecurity-advisories>= 1.7.0, < 1.7.3affected
nextcloudsecurity-advisories>= 1.8.0, < 1.8.2affected

Weaknesses

  • CWE-639: CWE-639: Authorization Bypass Through User-Controlled Key

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References