CVE-2023-22470: Nextcloud Deck vulnerable to uncontrolled resource consumption
First published: Sat Jan 14 2023(Updated: )
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that the Nextcloud Server is upgraded to 1.6.5 or 1.7.3 or 1.8.2.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud Deck | <1.6.5 | |
| Nextcloud Deck | >=1.7.0<1.7.3 | |
| Nextcloud Deck | >=1.8.0<1.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-22470.
What is the severity level of CVE-2023-22470?
CVE-2023-22470 has a severity level of medium.
What is the affected software for CVE-2023-22470?
The affected software for CVE-2023-22470 is Nextcloud Deck versions 1.6.5 up to exclusive 1.8.2 (inclusive).
What is the impact of CVE-2023-22470?
CVE-2023-22470 can potentially cause a denial-of-service (DoS) when performed multiple times.
Are there any known workarounds for CVE-2023-22470?
There are currently no known workarounds for CVE-2023-22470.
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/weakness
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/nextcloud
- canonical/nextcloud deck
- version/nextcloud deck/1.7.0
- version/nextcloud deck/1.8.0