CVE-2022-29159
Possibility for anyone to add a stack with existing tasks on anyone's board in Nextcloud Deck
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 2
Exploited in Wild: -
Decision
Descriptions
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to a board of another user. The Nextcloud Deck app contains a patch for this issue in versions 1.4.8, 1.5.6, and 1.6.1. There are currently no known workarounds available.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2022-04-13 CVE Reserved
- 2022-05-20 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-08-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-639: Authorization Bypass Through User-Controlled Key
CAPEC
References (3)
URL | Date | SRC |
---|---|---|
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vqhf-673w-7r3j | 2024-08-03 | |
https://hackerone.com/reports/1450117 | 2024-08-03 | |
https://github.com/nextcloud/deck/pull/3541 | 2022-06-02 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Nextcloud | Deck | < 1.4.8 | - | Affected |
Nextcloud | Deck | >= 1.5.0 < 1.5.6 | - | Affected |
Nextcloud | Deck | >= 1.6.0 < 1.6.1 | - | Affected |