4.3

CVE-2023-33183

Error in calendar when booking an appointment reveals the full path of the website

The Calendar app for Nextcloud easily syncs events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3.

Possible mitigation
Calendar:
* Disable the Calendar app
* Disable appointment bookings in Calendar app
* Ensure proper SMTP config
Data is provided by the National Vulnerability Database (NVD)
Nextcloud Calendar Version < 3.5.5
Nextcloud Calendar Version >= 4.0.0 < 4.2.3
Further vulnerability information
System Nextcloud App
Product Calendar
Version >= 0.0.0, < 3.5.5
Version >= 4.2.0, < 4.2.3
No warning was found for this CVE.
EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 0.23% 0.454
CVSS metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com 2.6 1.2 1.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.