CVE-2023-33183

Source
https://cve.org/CVERecord?id=CVE-2023-33183
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33183.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-33183
Aliases
  • GHSA-2792-2734-hr7j
Published
2023-05-30T05:01:55.759Z
Modified
2026-07-08T07:34:13.578012056Z
Severity
  • 2.6 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Error in calendar when booking an appointment reveals the full path of the website
Details

Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-285"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/33xxx/CVE-2023-33183.json"
}
References

Affected packages

Git / github.com/nextcloud/calendar

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/calendar
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.5.5"
        },
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.2.3"
        }
    ],
    "cpe": "cpe:2.3:a:nextcloud:calendar:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

v1.*
v1.0
v1.0-alpha1
v1.0-alpha2
v1.1
v1.2
v1.2.1
v1.2.2
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.4.0
v1.4.1
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.7.0
v1.7.1
v2.*
v2.0.0
v2.0.0-beta1
v2.0.0-beta2
v2.0.0-beta3
v2.0.0-rc1
v2.0.1
v2.0.2
v2.0.3
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.2.0
v2.3.0-RC.1
v2.3.0-alpha.1
v2.3.0-alpha.2
v2.3.0-alpha.3
v2.4.0-rc.1
v2.4.0-rc2
v3.*
v3.0.0-beta1
v3.0.0-beta2
v3.0.0-rc1
v3.1.0-rc1
v3.2.0
v3.3.0
v3.4.0-rc1
v3.5.0
v3.5.1
v3.5.2
v3.5.3
v3.5.4
v4.*
v4.0.0-alpha1
v4.0.0-alpha2
v4.2.0
v4.2.0-rc1
v4.2.1
v4.2.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33183.json"