CVE-2023-22469 MEDIUM

CVE-2023-22469: Nextcloud Deck card vulnerable to data leak to unauthorized users via reference preview cache

Vendor Nextcloud
Product security-advisories
Weakness CWE-922
Published January 10, 2023
Last update March 10, 2025

CVSS base score

5.8/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01 Description

Deck is a kanban-style organization tool, integrated with Nextcloud, aimed at personal planning and project organization for teams. When getting the reference preview for Deck cards the user has no access to, an unauthorized user could eventually get the cached data of a user who has access. There are currently no known workarounds. It is recommended that the Nextcloud app Deck is upgraded to 1.8.2.

Key dates

02 Disclosure timeline

January 10, 2023 CVE published
March 10, 2025 Record updated