Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.
2017-05-08T20:29:00.333
2025-04-20T01:37:25.860
Deferred
CVSSv3.1: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:N/A:N
8.6
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | nextcloud | nextcloud_server | < 11.0.3 | Yes |