GitHub_MCVELIST:CVE-2024-37887CVE-2024-37887 Nextcloud Server's events information leaked with shared calendars on recurrence exceptions
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
0.0004 Low
EPSS
Percentile
15.5%
Nextcloud Server is a self hosted personal cloud system. Private shared calendar events’ recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1.
CNA Affected
[
{
"vendor": "nextcloud",
"product": "security-advisories",
"versions": [
{
"version": ">= 27.0.0, < 27.1.10",
"status": "affected"
},
{
"version": ">= 27.0.0, < 28.0.6",
"status": "affected"
},
{
"version": ">= 27.0.0, < 29.0.1",
"status": "affected"
}
]
}
]Related
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
0.0004 Low
EPSS
Percentile
15.5%