diff options
Diffstat (limited to 'old/server/nc-sa-2020-013.json')
-rw-r--r-- | old/server/nc-sa-2020-013.json | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/old/server/nc-sa-2020-013.json b/old/server/nc-sa-2020-013.json new file mode 100644 index 0000000..e0f6b5a --- /dev/null +++ b/old/server/nc-sa-2020-013.json @@ -0,0 +1,40 @@ +{ + "Title": "Event details leaked when sharing a non-public calendar event", + "Timestamp": 1542240000, + "Risk": 1, + "CVSS3": { + "score": 4.8, + "vector": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N" + }, + "CWE": { + "id": 281, + "name": "Improper Preservation of Permissions" + }, + "HackerOne": 439828, + "Affected":[ + { + "Version":"14.0.4", + "CVE":"CVE-2020-8117", + "Operator":"<" + }, + { + "Version":"13.0.8", + "CVE":"CVE-2020-8117", + "Operator":"<" + }, + { + "Version":"12.0.13", + "CVE":"CVE-2020-8117", + "Operator":"<" + } + ], + "Description":"Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.", + "ActionTaken": "The error has been fixed.", + "Acknowledgment":[ + { + "Name": "NA", + "Reason": "Vulnerability discovery and disclosure." + } + ], + "Resolution": "It is recommended that the Nextcloud Server is upgraded to 14.0.4." +} |