CVE-2023-33183Improper Authorization in Security-advisories

CWE-285Improper Authorization2 documents2 sources
Severity
4.3MEDIUMNVD
CNA2.6
EPSS
0.2%
top 54.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud Calendar
Timeline
PublishedMay 30

Description

Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/calendar4.0.04.2.3+1
CVEListV5nextcloud/security-advisories< 3.5.5+1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
CVEList
Error in calendar when booking an appointment reveals the full path of the website2023-05-30
CVE-2023-33183 — Improper Authorization | cvebase