Description
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.
Scores
CVSS v3
4.3
EPSS
0.0030
EPSS Percentile
53.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-280
CWE-281
Status
published
Products (1)
nextcloud/nextcloud_server
< 12.0.13
Published
Feb 04, 2020
Tracked Since
Feb 18, 2026