CVE-2023-33183

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-33183

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33183.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-33183

Aliases

GHSA-2792-2734-hr7j

Published

2023-05-30T05:01:55.759Z

Modified

2026-02-05T08:57:11.416218Z

Severity

2.6 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Error in calendar when booking an appointment reveals the full path of the website

Details

Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3

Database specific

{
    "cwe_ids": [
        "CWE-285"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/33xxx/CVE-2023-33183.json"
}

References

Affected packages

Git / github.com/nextcloud/calendar

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/calendar
Events: Introduced

d840d46412d121c9ae2697efed7f1ce6dd414fc2

Fixed

a7fe00b054737277206062b96d84cfcdc5abb6bd

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33183.json"