hackerone | Juliushaertl | H1:203594
History: Feb 05, 2017 - 11:50 a.m.

Nextcloud: Calendar and addressbook names disclosed (NC-SA-2017-012)

2017-02-05 11:50:50
juliushaertl
hackerone.com
$183
63

EPSS: 0.001 (Percentile: 21.6%)

# Calendar and addressbook names disclosed (NC-SA-2017-012)

**Risk level:** Low

**CVSS v3 Base Score:** 3.5 (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)

**CWE:** Information Exposure Through Directory Listing (CWE-548)

# Description
A logical error caused disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed.

# Affected Software

  • Nextcloud Server < 11.0.2 (CVE-2017-0895)
  • Nextcloud Server < 10.0.4 (CVE-2017-0895)

# Action Taken
The error has been fixed and regression tests have been added.

# Acknowledgements
The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:
