Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nextcloud Deck card vulnerable to data leak to unauthorized users via reference preview cache
Vulnerability Description
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There are currently no known workarounds. It is recommended that the Nextcloud app Deck is upgraded to 1.8.2.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
Vulnerability Type
敏感信息的不安全存储
Vulnerability Title
Nextcloud 安全漏洞
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud Deck 1.8.2之前版本存在安全漏洞,该漏洞源于在获取用户无权访问的 Deck 卡的参考预览时,未经授权的用户最终可能会获得用户的缓存数据。
CVSS Information
N/A
Vulnerability Type
N/A