CVE-2023-48308
LOW
3,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: low
Description
AI Translation Available
Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0027
Percentile
0,5th
Updated
EPSS Score Trend (Last 90 Days)
212
Improper Removal of Sensitive Information Before Storage or Transfer
IncompleteCommon Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Files Or Directories
Read Application Data
Applicable Platforms
All platforms may be affected
1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Access Control
Potential Impacts:
Read Memory
Bypass Protection Mechanism
Applicable Platforms
All platforms may be affected
Application
Calendar by Nextcloud
Version Range Affected
From
3.0.0
(inclusive)
To
4.5.3
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:nextcloud:calendar:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/nextcloud/calendar/pull/5553
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fv3c-…
https://github.com/nextcloud/calendar/pull/5553
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fv3c-…