CVE-2022-24906

LOW

Nextcloud Deck < 1.2.11 - Unauthorized Sensitive Information Exposure via Full Path Disclosure

Title source: llm

Description

Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available.

References (3)

Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hx9w-xfrg-2qvp
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/nextcloud/deck/pull/3384
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1354334

Scores

CVSS v3: 3.5
EPSS: 0.0027
EPSS Percentile: 50.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-209, CWE-200
Status: published
Products (1): nextcloud/deck < 1.2.11
Published: May 20, 2022
Tracked Since: Feb 18, 2026