CVE-2017-9339

MEDIUM

ownCloud Server <10.0.2 - Info Disclosure

Title source: llm

Description

A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.

References (1)

[Broken Link, Vendor Advisory] https://owncloud.org/security/advisory/?id=oc-sa-2017-005

Scores

CVSS v3 5.3

EPSS 0.0024

EPSS Percentile 46.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

Status draft

Affected Products (1)

owncloud/owncloud < 10.0.2

Timeline

Published Jul 17, 2017

Tracked Since Feb 18, 2026