cvedb.io
CVE-2021-39225
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2021-10-25T22:15:07.647 · Last modified 2026-06-17T04:03:21.013

Summary

Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3. There are no known workarounds aside from upgrading.

Affected products

nextcloud — deck

Does this affect you?

Add your gear to cvedb and we'll alert you only when nextcloud ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.