Information disclosure in Nextcloud Deck
CVE-2022-24906
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1…
Vulnerability class: Information Disclosure
EPSS: 0.010 (58.9th percentile)
CVSS v3 metric
CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N.
Affected products
- Nextcloud Deck
- Nextcloud Security-advisories: versions < 1.2.11; >= 1.4.0, < 1.4.6; >= 1.5.0, < 1.5.4
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2022-24906?
- CVE-2022-24906 is a low-severity vulnerability in Nextcloud Deck, classified under Information Disclosure. CVSS score: 3.5/10. Published 2022-05-20.
- How severe is CVE-2022-24906?
- Low severity. CVSS v3 base score is 3.5 out of 10.