Lucene search

[email protected]CVE-2017-0895

HistoryMay 08, 2017 - 8:29 p.m.

CVE-2017-0895

2017-05-0820:29:00

CWE-285

CWE-200

[email protected]

web.nvd.nist.gov

nextcloud

server

vulnerability

cve-2017-0895

disclosure

calendar

addressbook

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

3.9 Low

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

21.5%

JSON

Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed.

Affected configurations

NVD

Node

nextcloudnextcloud_serverRange10.0.0–10.0.4

nextcloudnextcloud_serverRange11.0.0–11.0.2

CPENameOperatorVersion
nextcloud:nextcloud_servernextcloud nextcloud serverlt10.0.4
nextcloud:nextcloud_servernextcloud nextcloud serverlt11.0.2

CPE	Name	Operator	Version
nextcloud:nextcloud_server	nextcloud nextcloud server	lt	10.0.4
nextcloud:nextcloud_server	nextcloud nextcloud server	lt	11.0.2

CNA Affected

[
  {
    "product": "Nextcloud Server",
    "vendor": "Nextcloud",
    "versions": [
      {
        "status": "affected",
        "version": "before 10.0.4 and 11.0.2"
      }
    ]
  }
]