CVE-2022-24906

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-24906

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24906.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-24906

Aliases

GHSA-hx9w-xfrg-2qvp

Published

2022-05-20T15:40:17Z

Modified

2026-04-10T04:45:39.808161Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck

Details

Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available.

Database specific

{
    "cwe_ids": [
        "CWE-200"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24906.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/nextcloud/deck

Affected ranges

Type

GIT

Repo

https://github.com/nextcloud/deck

Events

Introduced

Fixed

f05a1c5dadd9044237a5d3f3e70526e9f6d43477

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.2.11"
        }
    ]
}

Type

GIT

Repo

https://github.com/nextcloud/deck

Events

Introduced

0cd1d8c1485406760a980ae62632ca4f2b60079e

Fixed

ca22b0ad2c646e9a0124d432c2d5da1d9b855cd1

Database specific

{
    "versions": [
        {
            "introduced": "1.4.0"
        },
        {
            "fixed": "1.4.6"
        }
    ]
}

Type

GIT

Repo

https://github.com/nextcloud/deck

Events

Introduced

45a10f084043d311aee8b2e089f357e7637e39dc

Fixed

35515ce157c8f493908256914e763becc6c837d0

Database specific

{
    "versions": [
        {
            "introduced": "1.5.0"
        },
        {
            "fixed": "1.5.4"
        }
    ]
}

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.1.4

v0.2.0

v0.2.1

v0.2.2

v0.3.0

v0.3.0-beta1

v0.3.1

v0.4.0

v0.4.0-beta1

v0.4.0-beta2

v0.4.0-beta3

v0.4.0-beta4

v0.4.0-beta5

v0.4.1

v0.5.0

v0.5.0-beta1

v0.5.0-rc1

v0.5.0-rc2

v0.5.1

v0.5.2

v0.6.0

v0.6.0-beta1

v0.6.0-beta2

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.6.6

v0.7.0

v0.8.0

v0.8.3

v1.*

v1.0.0

v1.0.0-beta1

v1.0.0-beta2

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.1.0-beta1

v1.1.0-beta2

v1.2.0

v1.2.0-beta1

v1.2.1

v1.2.10

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.2.7

v1.2.8

v1.2.9

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.5.0

v1.5.1

v1.5.2

v1.5.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24906.json"