CVE-2021-22913

EPSS 1.4%CWE-200

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 1.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

11 Jun 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user.

Affected products

n/a · Nextcloud Deck

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h8f6-wg82-6p7r https://hackerone.com/reports/1167958