Primary

Context

Nextcloud Deck Permission Modification Vulnerability for 'Can Share' Users

Vulnerability

Patched

A vulnerability in Nextcloud Deck versions 1.14.0 through 1.14.5 and 1.15.0 through 1.15.1 allowed users with 'Can share' permissions to alter the permissions of other recipients. This issue has been addressed in versions 1.14.6 and 1.15.2.

Impact

Exploitation of this vulnerability could lead to unauthorized modification of permissions, allowing users to change the permission levels of others without proper authorization.

Remediation

Users are advised to upgrade Nextcloud Deck to version 1.14.6 or 1.15.2.

Added: Dec 5, 2025, 6:20 PM

Updated: Dec 5, 2025, 6:20 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

0.6

exploitability

5.9

remediation

7.7

relevance

1.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

0.6

exploitability

5.9

remediation

7.7

relevance

1.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Nextcloud Deck Permission Modification Vulnerability for 'Can Share' Users

Vulnerability

Impact

Remediation

Affected Products

Nextcloud Deck

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating