Information disclosure in Nextcloud Deck

CVE-2022-24906

Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1…

Vulnerability class: Information Disclosure

EPSS: 0.010 (58.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2022-24906?
CVE-2022-24906 is a low-severity vulnerability in Nextcloud Deck, classified under Information Disclosure. CVSS score: 3.5/10. Published 2022-05-20.
How severe is CVE-2022-24906?
Low severity. CVSS v3 base score is 3.5 out of 10.