Vulnerability Details : CVE-2023-33183
The Calendar app for Nextcloud lets you easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2023-33183
- cpe:2.3:a:nextcloud:calendar:*:*:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:calendar:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-33183
- EPSS score: 0.07% (probability of exploitation activity in the next 30 days)
- Percentile: ~30% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-33183
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | NIST | |
2.6 | LOW | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N | 1.2 | 1.4 | GitHub, Inc. | |
CWE ids for CVE-2023-33183
- The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. Assigned by: security-advisories@github.com (Secondary)
References for CVE-2023-33183
- https://github.com/nextcloud/calendar/pull/4938
  Refine exception handling for booking controller by miaulalala · Pull Request #4938 · nextcloud/calendar · GitHub (Patch)
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j
  Error in calendar when booking an appointment reveals the full path of the website · Advisory · nextcloud/security-advisories · GitHub (Vendor Advisory)