Arbitrary POST Request Vulnerability in Deck Integration with Nextcloud

Arbitrary POST Request Vulnerability in Deck Integration with Nextcloud

CVE-2023-22472 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. (e.g. in an email, chat link, etc). There are currently no known workarounds. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.2.

Learn more about our Cis Benchmark Audit For Desktop Software.