ByteOS Network

NVD Vulnerability Details :

CVE-2021-39225

Analyzed

Source-security-advisories@github.com

Published At-25 Oct, 2021 | 22:15

Updated At-25 Apr, 2022 | 18:02

Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3. There are no known workarounds aside from upgrading.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Secondary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Primary	2.0	5.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:N

Type: Primary

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Type: Primary

Version: 2.0

Base score: 5.5

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:P/I:P/A:N

CPE Matches

Nextcloud GmbH

>>deck>>Versions before 1.2.9(exclusive)

cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*

Nextcloud GmbH

>>deck>>Versions from 1.3.0(inclusive) to 1.4.5(exclusive)

cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*

Nextcloud GmbH

>>deck>>Versions from 1.5.0(inclusive) to 1.5.3(exclusive)

cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-862	Primary	nvd@nist.gov
CWE-639	Secondary	security-advisories@github.com

CWE ID: CWE-862

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-639

Type: Secondary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/nextcloud/deck/pull/3316	security-advisories@github.com	Patch Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2x96-38qg-3m72	security-advisories@github.com	Third Party Advisory
https://hackerone.com/reports/1331728	security-advisories@github.com	Permissions Required Third Party Advisory

Hyperlink: https://github.com/nextcloud/deck/pull/3316

Source: security-advisories@github.com

Resource:

Patch

Third Party Advisory

Hyperlink: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2x96-38qg-3m72

Source: security-advisories@github.com

Resource:

Third Party Advisory

Hyperlink: https://hackerone.com/reports/1331728

Source: security-advisories@github.com

Resource:

Permissions Required

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History