← back
CVE-2023-33183

Error in calendar when booking an appointment reveals the full path of the website

CVSS 2.6 LOWEPSS 0.4%CWE-285
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 2.6EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
30 May 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Affected products
nextcloud · security-advisories

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/nextcloud/calendar/pull/4938https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j