CVE-2021-37631

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
In Nextcloud Deck before version 1.5.1, the application didn't properly check whether a user was a member of a Circle. This allowed other users in the instance to gain access to boards that had been shared with a Circle, even if the user was not a member of that Circle.
Group     Package             Affected   Fixed      Severity  Status  Ticket
AVG-2358  nextcloud-app-deck  1:1.5.0-1  1:1.5.1-1  Medium    Fixed
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4mxp-j277-82hr
https://hackerone.com/reports/1280931
https://hackerone.com/reports/1256021
https://github.com/nextcloud/deck/pull/3217
https://github.com/nextcloud/deck/commit/958d50d9b72e995e9e580dcf5cca9f274f2cd1f4