CVE-2023-22471 LOW

CVE-2023-22471: Nextcloud Deck vulnerable to authorization bypass

Vendor Nextcloud
Product security-advisories
Weakness CWE-639 · IDOR
Published January 14, 2023
Last update March 10, 2025
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is upgraded to 1.6.5 or 1.7.3 or 1.8.2.

Key dates

02Disclosure timeline

January 14, 2023 CVE published
March 10, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-0266 Authorization Bypass Through User-Controlled Key in livehelperchat/livehelperchat CVE-2025-53208 WordPress Maya Business <= 1.2.0 - Insecure Direct Object References (IDOR) Vulnerability CVE-2025-54691 WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability CVE-2025-8447 Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed read-only access CVE-2022-2877 Titan Anti-spam & Security < 7.3.1 - Protection Bypass due to IP Spoofing