PT-2017-10695 · Nextcloud · Nextcloud Server

Lukas Reschke

Published: 2017-05-08 · Updated: 2022-09-27 · CVE-2017-0894

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Nextcloud Server versions prior to 11.0.3

Description

The issue is related to a logical error that leads to the disclosure of valid share tokens for public calendars. This could potentially allow an attacker to access publicly shared calendars without knowing the share token.

Recommendations

For versions prior to 11.0.3, update to version 11.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to publicly shared calendars until the update is applied.

Fix

Weakness Enumeration

Improper Authorization

Incorrect Authorization

Related Identifiers

CVE-2017-0894

Affected Products

Nextcloud Server