PT-2023-30770 · Nextcloud · Nextcloud Calendar

Nvz0X

Publicado

2023-12-21

Atualizado

2024-01-09

CVE-2023-48308

CVSS v3.1

3.5

Baixa

Vetor

AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Nextcloud Calendar app versions prior to 4.5.3

Description An issue exists where an attacker can gain access to the stacktrace and internal paths of the server when generating an exception while editing a calendar appointment.

Recommendations For versions prior to 4.5.3, upgrade the Nextcloud Calendar app to version 4.5.3 to resolve the issue. As a temporary workaround, consider restricting access to the calendar editing feature until the upgrade is applied.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-212CWE-1258

Identificadores relacionados

CVE-2023-48308

GHSA-FV3C-QVJR-5RV8

Produtos afetados

Nextcloud Calendar

PT-2023-30770 · Nextcloud · Nextcloud Calendar

CVE-2023-48308

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7