diff options
author | Morris Jobke <hey@morrisjobke.de> | 2018-10-30 14:09:13 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-10-30 14:09:13 +0300 |
commit | 6d93c1b5e6b97dacb7a73b99c1e3be9ef593ac08 (patch) | |
tree | 85abe9188d7f5dcefc0e6112d0fc8735b1c2837f /advisories/nc-sa-2017-011.php | |
parent | ee16b310d2eb48f91e09a3c7676c8a6e32f82107 (diff) | |
parent | 1915c70314fd6826df261e10b0052d0a353b2e02 (diff) |
Merge pull request #987 from nextcloud/update-advisories
Show resolution and remove unneeded duplicate paragraph
Diffstat (limited to 'advisories/nc-sa-2017-011.php')
-rw-r--r-- | advisories/nc-sa-2017-011.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/advisories/nc-sa-2017-011.php b/advisories/nc-sa-2017-011.php index 66adc256..09c00c16 100644 --- a/advisories/nc-sa-2017-011.php +++ b/advisories/nc-sa-2017-011.php @@ -13,16 +13,16 @@ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/548.html">Information Exposure Through Directory Listing (CWE-548)</a></p> <p>HackerOne report: <a href="https://hackerone.com/reports/218876">218876</a></p> <h3>Description</h3> - <p><p>A logical error caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.</p> -</p> + <p>A logical error caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.</p> <h3>Affected Software</h3> <ul> <li>Nextcloud Server < <strong>11.0.3</strong> (CVE-2017-0894)</li> </ul> <h3>Action Taken</h3> - <p><p>The error has been fixed and regression tests been added.</p> -</p> + <p>The error has been fixed and regression tests been added.</p> + <h3>Resolution</h3> + <p>It is recommended that all instances are upgraded to Nextcloud 11.0.3.</p> <h3>Acknowledgements</h3> <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> <ul> |