CVE-2022-29159 MEDIUM

CVE-2022-29159: Possibility for anyone to add a stack with existing tasks on anyone's board in Nextcloud Deck

Vendor Nextcloud
Product security-advisories
Weakness CWE-639 · IDOR
Published May 20, 2022
Last update April 22, 2025

CVSS base score

5.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to a board of another user. The Nextcloud Deck app contains a patch for this issue in versions 1.4.8, 1.5.6, and 1.6.1. There are no known currently-known workarounds available.

Key dates

02Disclosure timeline

May 20, 2022 CVE published
April 22, 2025 Record updated

Related vulnerabilities

04Related CVE