Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nextcloud Deck Desktop Client is vulnerable to Cross-Site Request Forgery (CSRF) via malicious link
Vulnerability Description
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. (e.g. in an email, chat link, etc). There are currently no known workarounds. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.2.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Deck 跨站请求伪造漏洞
Vulnerability Description
Deck是一个看板风格的组织工具。旨在为与 Nextcloud 集成的团队进行个人规划和项目组织。 Deck存在跨站请求伪造漏洞。攻击者利用该漏洞可以使用任意主体发送任何POST请求。
CVSS Information
N/A
Vulnerability Type
N/A