PT-2023-24200 · Nextcloud+1 · Nextcloud Calendar+1
Themarkib
·
Published
2023-02-01
·
Updated
2025-04-17
·
CVE-2023-33183
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Nextcloud Calendar app versions prior to 3.5.5
Nextcloud Calendar app versions prior to 4.2.3
Description
The issue concerns the disclosure of internal website paths when the SMTP server is unavailable. This affects the functionality of the Calendar app in syncing events across devices.
Recommendations
For versions prior to 3.5.5, update to version 3.5.5.
For versions prior to 4.2.3, update to version 4.2.3.
Exploit
Fix
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nextcloud Calendar
Red Os