PT-2017-10695 · Nextcloud · Nextcloud Server

Lukas Reschke

Publicado

2017-05-08

Atualizado

2022-09-27

CVE-2017-0894

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions prior to 11.0.3

Description The issue is related to a logical error that leads to the disclosure of valid share tokens for public calendars. This could potentially allow an attacker to access publicly shared calendars without knowing the share token.

Recommendations For versions prior to 11.0.3, update to version 11.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to publicly shared calendars until the update is applied.

Correção

Improper Authorization

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-285CWE-863

Identificadores relacionados

CVE-2017-0894

Produtos afetados

Nextcloud Server

PT-2017-10695 · Nextcloud · Nextcloud Server

CVE-2017-0894

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6