Vulnerabilities > CVE-2023-22471 - Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
LOW
network
low complexity
nextcloud
CWE-639
NVD
Published: 2023-01-14
Updated: 2023-01-24

Summary

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is upgraded to 1.6.5 or 1.7.3 or 1.8.2.

Vulnerable Configurations

Part Description Count
Application
Nextcloud
110

Common Weakness Enumeration (CWE)

References