{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-33183", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-05-17T22:25:50.697Z", "datePublished": "2023-05-30T05:01:55.759Z", "dateUpdated": "2025-01-10T19:58:25.902Z"}, "containers": {"cna": {"title": "Error in calendar when booking an appointment reveals the full path of the website", "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "lang": "en", "description": "CWE-285: Improper Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j"}, {"name": "https://github.com/nextcloud/calendar/pull/4938", "tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/calendar/pull/4938"}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"version": "< 3.5.5", "status": "affected"}, {"version": "< 4.2.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-05-30T05:01:55.759Z"}, "descriptions": [{"lang": "en", "value": "Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3\n\n"}], "source": {"advisory": "GHSA-2792-2734-hr7j", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:39:35.808Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j"}, {"name": "https://github.com/nextcloud/calendar/pull/4938", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/nextcloud/calendar/pull/4938"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-10T19:58:18.366673Z", "id": "CVE-2023-33183", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-10T19:58:25.902Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j", "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/nextcloud/calendar/pull/4938", "name": "https://github.com/nextcloud/calendar/pull/4938", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:39:35.808Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-33183", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-10T19:58:18.366673Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-10T19:58:22.404Z"}}], "cna": {"title": "Error in calendar when booking an appointment reveals the full path of the website", "source": {"advisory": "GHSA-2792-2734-hr7j", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.6, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"status": "affected", "version": "< 3.5.5"}, {"status": "affected", "version": "< 4.2.3"}]}], "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j", "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/nextcloud/calendar/pull/4938", "name": "https://github.com/nextcloud/calendar/pull/4938", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3\n\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "CWE-285: Improper Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-05-30T05:01:55.759Z"}}}, "cveMetadata": {"cveId": "CVE-2023-33183", "state": "PUBLISHED", "dateUpdated": "2025-01-10T19:58:25.902Z", "dateReserved": "2023-05-17T22:25:50.697Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-05-30T05:01:55.759Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:calendar:*:*:*:*:*:*:*:*", "matchCriteriaId": "3670BD84-649F-4B16-8F7B-80A70F56D345", "versionEndExcluding": "3.5.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:calendar:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A1232F9-5064-488D-96C6-F63D6D48D188", "versionEndExcluding": "4.2.3", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3\n\n"}], "id": "CVE-2023-33183", "lastModified": "2024-11-21T08:05:04.257", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-30T06:16:35.080", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/nextcloud/calendar/pull/4938"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/nextcloud/calendar/pull/4938"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}