CVE-2021-22913

Sažetak

Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user.

Reference

https://hackerone.com/reports/1167958
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h8f6-wg82-6p7r

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

23-06-2021 - 19:16

Objavljeno

11-06-2021 - 16:15