Description
Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j
Patch x_refsource_misc
https://github.com/nextcloud/calendar/pull/4938
Scores
CVSS v3
2.6
EPSS
0.0023
EPSS Percentile
45.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-285
Status
published
Products (1)
nextcloud/calendar
< 3.5.5
Published
May 30, 2023
Tracked Since
Feb 18, 2026