Lucene search
Lukas Reschke – Nextcloud GmbH ([email protected]) – Vulnerability discovery and disclosure.OWNCLOUD:EED1285405D5BABA997E1612903FC5CCHistoryMay 31, 2017 - 11:39 a.m.
Share tokens for public calendars disclosed - ownCloud
2017-05-3111:39:30
Lukas Reschke – Nextcloud GmbH ([email protected]) – Vulnerability discovery and disclosure.
owncloud.org
507
EPSS
0.001
Percentile
32.4%
A logical error caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.
Affected Software
- ownCloud Server < 10.0.2 (CVE-2017-9339)
Action Taken
The error has been fixed and regression tests been added.
Acknowledgements
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke - Nextcloud GmbH ([email protected]) - Vulnerability discovery and disclosure.
This advisory is licensed CC BY-SA 4.0. Original source: nextcloud.com
Related
owncloud
owncloud
Share tokens for public calendars disclosed - ownCloud security advisory
2017-05-31 00:00:00
Server: Share tokens for public calendars disclosed
2017-05-31 10:39:57
ubuntucve
ubuntucve
CVE-2017-9339
2017-07-17 00:00:00
prion
prion
Code injection
2017-07-17 21:29:00
osv
osv
CVE-2017-9339
2017-07-17 21:29:00
cve
cve
CVE-2017-9339
2017-07-17 21:29:00
nvd
nvd
CVE-2017-9339
2017-07-17 21:29:00
cvelist
cvelist
CVE-2017-9339
2017-07-17 21:00:00
openvas
openvas
ownCloud Multiple Vulnerabilities (May 2017)
2017-07-19 00:00:00