CVE-2017-0894

Summary

Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.

Affected Software

VendorProductVersion RangeStatus
NextcloudNextcloud Serverbefore 11.0.3affected

Weaknesses

  • CWE-285: Information Exposure Through Directory Listing (CWE-285)

ADP Enrichment

CVE Program Container

Additional References

References