Skip to content

Nextcloud deck sharee search leaks searches to lookupserver by default

Low
LukasReschke published GHSA-h8f6-wg82-6p7r Jun 1, 2021

Package

Nextcloud Deck

Affected versions

< 1.2.7, < 1.4.2

Patched versions

1.2.7, 1.4.2

Description

Impact

Searches for sharees are performed by default on the lookup server in the Nextcloud Deck app before 1.2.7 and 1.4.2. This breaks the expectation that searches are only on the local Nextcloud server unless a global search has been explicitly chosen by the user.

Patches

It is recommended that the Nextcloud Deck App is upgraded to 1.2.7 or 1.4.2

Workarounds

None.

References

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2021-22913

Weaknesses

Credits