| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Information disclosure |
|
| Description |
| + |
In Nextcloud Deck before version 1.5.1, the application didn't properly check membership of users in a Circle. This allowed other users in the instance to gain access to boards that have been shared with a Circle, even if the user was not a member of the circle. |
|
| References |
| + |
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4mxp-j277-82hr |
| + |
https://hackerone.com/reports/1280931 |
| + |
https://hackerone.com/reports/1256021 |
| + |
https://github.com/nextcloud/deck/pull/3217 |
| + |
https://github.com/nextcloud/deck/commit/958d50d9b72e995e9e580dcf5cca9f274f2cd1f4 |
|
| Notes |
|