CVE-2023-22469
- Source
- https://cve.org/CVERecord?id=CVE-2023-22469
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22469.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-22469
- Aliases
-
- GHSA-8fjp-w9gp-j5hq
- Published
- 2023-01-10T20:26:27.108Z
- Modified
- 2026-04-10T04:55:23.690833Z
- Severity
-
- 5.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- Nextcloud Deck card vulnerable to data leak to unauthorized users via reference preview cache
- Details
-
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There are currently no known workarounds. It is recommended that the Nextcloud app Deck is upgraded to 1.8.2.
- Database specific
{ "cwe_ids": [ "CWE-922" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/22xxx/CVE-2023-22469.json", "cna_assigner": "GitHub_M" }- References
Affected packages
Git / github.com/nextcloud/deck
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nextcloud/deck
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.2.0
v0.2.1
v0.2.2
v0.3.0
v0.3.0-beta1
v0.3.1
v0.4.0
v0.4.0-beta1
v0.4.0-beta2
v0.4.0-beta3
v0.4.0-beta4
v0.4.0-beta5
v0.4.1
v0.5.0
v0.5.0-beta1
v0.5.0-rc1
v0.5.0-rc2
v0.5.1
v0.5.2
v0.6.0
v0.6.0-beta1
v0.6.0-beta2
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.7.0
v0.8.0
v0.8.3
v1.*
v1.0.0
v1.0.0-beta1
v1.0.0-beta2
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.1.0-beta1
v1.1.0-beta2
v1.2.0
v1.2.0-beta1
v1.2.1
v1.2.2
v1.3.0-beta1
v1.3.0-beta2
v1.4.0
v1.6.0-beta1
v1.7.0-beta.1
v1.8.0
v1.8.0-beta.1
v1.8.0-beta.2
v1.8.1