Products
Nextcloud Calendar App
- 4.6.8
- 4.7.2
Source
security-advisories@github.com
Tags
CVE-2024-37316 details
Published : June 14, 2024, 4:15 p.m.
Last Modified : June 14, 2024, 4:15 p.m.
Last Modified : June 14, 2024, 4:15 p.m.
Description
Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or 4.7.2.
CVSS Score
| 1 | 2 | 3 | 4.6 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
4.6
Exploitability Score
Impact Score
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
References
| URL | Source |
|---|---|
| https://github.com/nextcloud/calendar/pull/5966 | security-advisories@github.com |
| https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2r7q-vfmv-79qf | security-advisories@github.com |
| https://hackerone.com/reports/2457588 | security-advisories@github.com |
This website uses the NVD API, but is not approved or certified by it.