Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Lifecycle Timeline
4DescriptionGitHub Advisory
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This vulnerability is fixed in 1.14.6 and 1.15.2.
Analysis
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This vulnerability is fixed in 1.14.6 and 1.15.2.
Technical ContextAI
This vulnerability is classified as Improper Access Control (CWE-284).
RemediationAI
A vendor patch is available. Apply it as soon as possible and verify the fix.
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permiss
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with N
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. Rated medium severity (CVSS 4.3), thi
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. Rated medium sever
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view a
Nextcloud is an open-source, self-hosted productivity platform. Rated high severity (CVSS 8.1), this vulnerability is re
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with N
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integra
Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams inte
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utiliz
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integra
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with N
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-201465