CVE-2023-22469
MEDIUMNextcloud Deck < 1.8.2 - Unauthorized Sensitive Information Exposure via Card Reference Preview
Title source: llmDescription
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There are currently no known workarounds. It is recommended that the Nextcloud app Deck is upgraded to 1.8.2.
References (2)
Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8fjp-w9gp-j5hq
Patch, Third Party Advisory x_refsource_misc
https://github.com/nextcloud/deck/pull/4196
Scores
CVSS v3
5.8
EPSS
0.0069
EPSS Percentile
47.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-922
Status
published
Products (1)
nextcloud/deck
< 1.8.2
Published
Jan 10, 2023
Tracked Since
Feb 18, 2026