CVE-2023-22471

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-22471

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22471.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-22471

Aliases

GHSA-2vw5-pfg6-3wm6

Published

2023-01-14T00:34:06.722Z

Modified

2025-12-04T23:36:37.073248Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L CVSS Calculator

Summary

Nextcloud Deck vulnerable to authorization bypass

Details

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is upgraded to 1.6.5 or 1.7.3 or 1.8.2.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-639"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/22xxx/CVE-2023-22471.json"
}

References

Affected packages

Git / github.com/nextcloud/deck

Affected ranges

Type

GIT

Repo

https://github.com/nextcloud/deck

Events

Introduced

5e3ddd83fc189b834de090fa8c6a8b52d5ef5a9e

Fixed

b158d794030b37060e02185d99f92f8882bcbe46

Database specific

{
    "versions": [
        {
            "introduced": "1.7.0"
        },
        {
            "fixed": "1.7.3"
        }
    ]
}

Type

GIT

Repo

https://github.com/nextcloud/deck

Events

Introduced

a9921ecdf00a276243f91513b92893df82da5f9a

Fixed

70fa18f1869eca3dca3abdf9ee15698c395473b9

Database specific

{
    "versions": [
        {
            "introduced": "1.8.0"
        },
        {
            "fixed": "1.8.2"
        }
    ]
}

Affected versions

v1.*

v1.7.0

v1.7.1

v1.7.2

v1.8.0

v1.8.1