Section1

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 27.1.10 Nextcloud Server versions prior to 28.0.6 Nextcloud Server versions prior to 29.0.1 Nextcloud Enterprise Server versions prior to 27.1.10 Nextcloud Enterprise Server versions prior to 28.0.6 Nextcloud Enterprise Server versions prior to 29.0.1 **Description** The issue is related to incorrect access control in the Calendar component of Nextcloud Server, allowing sharees to read private shared calendar events' recurrence exceptions. This can enable a remote attacker to access confidential information. **Recommendations** For Nextcloud Server versions prior to 27.1.10, upgrade to version 27.1.10 or later. For Nextcloud Server versions prior to 28.0.6, upgrade to version 28.0.6 or later. For Nextcloud Server versions prior to 29.0.1, upgrade to version 29.0.1 or later. For Nextcloud Enterprise Server versions prior to 27.1.10, upgrade to version 27.1.10 or later. For Nextcloud Enterprise Server versions prior to 28.0.6, upgrade to version 28.0.6 or later. For Nextcloud Enterprise Server versions prior to 29.0.1, upgrade to version 29.0.1 or later.