CVE-2023-33183

Error in calendar when booking an appointment reveals the full path of the website

CVSS 2.6 LOWEPSS 0.4%CWE-285

Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

Affected products

nextcloud · security-advisories

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/nextcloud/calendar/pull/4938 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j