CVE-2022-24906: Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck
First published: Fri May 20 2022(Updated: )
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud Deck | <1.2.11 | |
| Nextcloud Deck | >=1.4.0<1.4.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-24906?
CVE-2022-24906 is a vulnerability affecting Nextcloud Deck, a Kanban-style project and personal management tool for Nextcloud.
How does the CVE-2022-24906 vulnerability affect Nextcloud Deck?
The vulnerability exposes the full path of the application to unauthorized users.
What is the severity of CVE-2022-24906?
The severity of CVE-2022-24906 is medium with a CVSS score of 4.3.
How can I fix the CVE-2022-24906 vulnerability in Nextcloud Deck?
To fix the vulnerability, it is recommended to upgrade Nextcloud Deck app to version 1.2.11, 1.4.6, or 1.5.4.
Are there any workarounds available for CVE-2022-24906?
No, there are no workarounds available for CVE-2022-24906.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/severity
- agent/remedy
- agent/title
- agent/author
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/nextcloud
- canonical/nextcloud deck
- version/nextcloud deck/1.4.0
- version/nextcloud deck/1.5.0