Lucene search

Ubuntu.comUB:CVE-2017-9339

HistoryJul 17, 2017 - 12:00 a.m.

CVE-2017-9339

2017-07-1700:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

32.4%

JSON

A logical error in ownCloud Server before 10.0.2 caused disclosure of valid
share tokens for public calendars. Thus granting an attacker potentially
access to publicly shared calendars without knowing the share token.

References

launchpad.net/bugs/cve/CVE-2017-9339

nvd.nist.gov/vuln/detail/CVE-2017-9339

owncloud.org/security/advisory/?id=oc-sa-2017-005

security-tracker.debian.org/tracker/CVE-2017-9339

www.cve.org/CVERecord?id=CVE-2017-9339

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

32.4%

JSON

Related for UB:CVE-2017-9339