CVE-2024-37883: Nextcloud Deck can access comments and attachments of deleted cards
First published: Fri Jun 14 2024(Updated: )
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud Deck | >=1.6.0<1.6.6 | |
| Nextcloud Deck | >=1.7.0<1.7.5 | |
| Nextcloud Deck | >=1.8.0<1.8.7 | |
| Nextcloud Deck | >=1.9.0<1.9.6 | |
| Nextcloud Deck | >=1.11.0<1.11.3 | |
| Nextcloud Deck | =1.12.0 | |
| Nextcloud Deck | =1.12.0-beta1 | |
| Nextcloud Deck | =1.12.0-beta2 | |
| Nextcloud Deck | =1.12.0-beta3 | |
| Nextcloud Deck | =1.12.0-beta4 | |
| Nextcloud Deck | =1.12.0-beta5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/remedy
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- vendor/nextcloud
- canonical/nextcloud deck
- version/nextcloud deck/1.6.0
- version/nextcloud deck/1.7.0
- version/nextcloud deck/1.8.0
- version/nextcloud deck/1.9.0
- version/nextcloud deck/1.11.0
- version/nextcloud deck/1.12.0
- version/nextcloud deck/1.12.0-beta1
- version/nextcloud deck/1.12.0-beta2
- version/nextcloud deck/1.12.0-beta3
- version/nextcloud deck/1.12.0-beta4
- version/nextcloud deck/1.12.0-beta5