CVE-2023-48308

Summary

Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3

Affected Software

VendorProductVersion RangeStatus
nextcloudsecurity-advisories>= 3.0.0, < 4.5.3affected

Weaknesses

  • CWE-1258: CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References