CVE-2023-22469
Summary
| CVE | CVE-2023-22469 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-01-10 21:15:00 UTC |
| Updated | 2023-11-07 04:06:00 UTC |
| Description | Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There are currently no known workarounds. It is recommended that the Nextcloud app Deck is upgraded to 1.8.2. |
Risk And Classification
Problem Types: CWE-922
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Deck card reference caching can leak data to unauthorized users · Advisory · nextcloud/security-advisories · GitHub | MISC | github.com | |
| Add missing userId property by juliushaertl · Pull Request #4196 · nextcloud/deck · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.