diff options
Diffstat (limited to 'old/server/nc-sa-2017-011.json')
-rw-r--r-- | old/server/nc-sa-2017-011.json | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/old/server/nc-sa-2017-011.json b/old/server/nc-sa-2017-011.json new file mode 100644 index 0000000..25575d8 --- /dev/null +++ b/old/server/nc-sa-2017-011.json @@ -0,0 +1,32 @@ +{ + "Title": "Share tokens for public calendars disclosed", + "Timestamp": 1494244800, + "Risk": 2, + "CVSS3": { + "score": 4.3, + "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" + }, + "CWE": { + "id": 548, + "name": "Information Exposure Through Directory Listing" + }, + "HackerOne": 218876, + "Affected":[ + { + "Version":"11.0.3", + "CVE":"CVE-2017-0894", + "Operator":"<" + } + ], + "Description":"A logical error caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.", + "ActionTaken": "The error has been fixed and regression tests been added.", + "Acknowledgment":[ + { + "Name": "Lukas Reschke", + "Mail": "lukas@nextcloud.com", + "Company": "Nextcloud GmbH", + "Reason": "Vulnerability discovery and disclosure." + } + ], + "Resolution": "It is recommended that all instances are upgraded to Nextcloud 11.0.3." +} |