- Platform: 玩嘉电竞下载注册 Server
- Versions: 10.0.2
- Date: 5/31/2017
- Risk level: Medium
- CVSS v3 Base Score: 4.3 ( AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N )
- CWE: Information Exposure Through Directory Listing ( CWE-548 )
Description
A logical error caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.
Affected Software
- 玩嘉电竞下载注册 Server < 10.0.2 (CVE-2017-9339)
Action Taken
The error has been fixed and regression tests been added.
Acknowledgements
The 玩嘉电竞下载注册 team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke – Nextcloud GmbH ( ) – Vulnerability discovery and disclosure.
This advisory is licensed CC BY-SA 4.0 . Original source: nextcloud.com