Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed.
References
Link | Resource |
---|---|
https://hackerone.com/reports/203594 | Third Party Advisory VDB Entry |
https://nextcloud.com/security/advisory/?id=nc-sa-2017-012 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2017-05-08T20:00:00
Updated: 2017-05-08T19:57:01
Reserved: 2016-11-30T00:00:00
Link: CVE-2017-0895
JSON object: View
NVD Information
Status : Modified
Published: 2017-05-08T20:29:00.367
Modified: 2019-10-09T23:21:08.963
Link: CVE-2017-0895
JSON object: View
Redhat Information
No data.