Lucene search

GitHub_MVULNRICHMENT:CVE-2024-37887

HistoryJun 14, 2024 - 3:48 p.m.

CVE-2024-37887 Nextcloud Server's events information leaked with shared calendars on recurrence exceptions

2024-06-1415:48:11

CWE-284

GitHub_M

github.com

nextcloud

server

calendar

leakage

cve-2024-37887

upgrade

recurrence exceptions

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

JSON

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events’ recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1.

CNA Affected

[
  {
    "vendor": "nextcloud",
    "product": "security-advisories",
    "versions": [
      {
        "version": ">= 27.0.0, < 27.1.10",
        "status": "affected"
      },
      {
        "version": ">= 27.0.0, < 28.0.6",
        "status": "affected"
      },
      {
        "version": ">= 27.0.0, < 29.0.1",
        "status": "affected"
      }
    ]
  }
]

References

github.com/nextcloud/security-advisories/security/advisories/GHSA-h4xv-cjpm-j595

github.com/nextcloud/server/pull/45309

hackerone.com/reports/2479325

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

JSON

Related for VULNRICHMENT:CVE-2024-37887