← voltar
CVE-2023-33183

Error in calendar when booking an appointment reveals the full path of the website

CVSS 2.6 LOWEPSS 0.4%CWE-285
Vexday Risk Score
8Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 2.6EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
30 mai 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Produtos afetados
nextcloud · security-advisories

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/nextcloud/calendar/pull/4938https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j