Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2023-22469 | First vendor Publication | 2023-01-10 |
| Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N | |||
|---|---|---|---|
| Overall CVSS Score | 3.5 | ||
| Base Score | 3.5 | Environmental Score | 3.5 |
| impact SubScore | 1.4 | Temporal Score | 3.5 |
| Exploitabality Sub Score | 2.1 | ||
| Attack Vector | Network | Attack Complexity | Low |
| Privileges Required | Low | User Interaction | Required |
| Scope | Unchanged | Confidentiality Impact | Low |
| Integrity Impact | None | Availability Impact | None |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There are currently no known workarounds. It is recommended that the Nextcloud app Deck is upgraded to 1.8.2. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22469 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
Sources (Detail)
| Source | Url |
|---|---|
| MISC | https://github.com/nextcloud/deck/pull/4196 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8fj... |
Alert History
| Date | Informations |
|---|---|
| 2023-11-07 21:30:35 |
|
| 2023-01-14 09:27:20 |
|
| 2023-01-11 21:27:18 |
|
| 2023-01-11 00:27:16 |
|
