Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nextcloud/security-advisories.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/old/server/nc-sa-2017-011.json
diff options
context:
space:
mode:
Diffstat (limited to 'old/server/nc-sa-2017-011.json')
-rw-r--r--old/server/nc-sa-2017-011.json32
1 files changed, 32 insertions, 0 deletions
diff --git a/old/server/nc-sa-2017-011.json b/old/server/nc-sa-2017-011.json
new file mode 100644
index 0000000..25575d8
--- /dev/null
+++ b/old/server/nc-sa-2017-011.json
@@ -0,0 +1,32 @@
+{
+ "Title": "Share tokens for public calendars disclosed",
+ "Timestamp": 1494244800,
+ "Risk": 2,
+ "CVSS3": {
+ "score": 4.3,
+ "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
+ },
+ "CWE": {
+ "id": 548,
+ "name": "Information Exposure Through Directory Listing"
+ },
+ "HackerOne": 218876,
+ "Affected":[
+ {
+ "Version":"11.0.3",
+ "CVE":"CVE-2017-0894",
+ "Operator":"<"
+ }
+ ],
+ "Description":"A logical error caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.",
+ "ActionTaken": "The error has been fixed and regression tests been added.",
+ "Acknowledgment":[
+ {
+ "Name": "Lukas Reschke",
+ "Mail": "lukas@nextcloud.com",
+ "Company": "Nextcloud GmbH",
+ "Reason": "Vulnerability discovery and disclosure."
+ }
+ ],
+ "Resolution": "It is recommended that all instances are upgraded to Nextcloud 11.0.3."
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-20 19:23:32 +0300