mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
104 lines
3.7 KiB
JSON
104 lines
3.7 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-37887",
|
|
"ASSIGNER": "security-advisories@github.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-284: Improper Access Control",
|
|
"cweId": "CWE-284"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "nextcloud",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "security-advisories",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": ">= 27.0.0, < 27.1.10"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": ">= 27.0.0, < 28.0.6"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": ">= 27.0.0, < 29.0.1"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h4xv-cjpm-j595",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h4xv-cjpm-j595"
|
|
},
|
|
{
|
|
"url": "https://github.com/nextcloud/server/pull/45309",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/nextcloud/server/pull/45309"
|
|
},
|
|
{
|
|
"url": "https://hackerone.com/reports/2479325",
|
|
"refsource": "MISC",
|
|
"name": "https://hackerone.com/reports/2479325"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"advisory": "GHSA-h4xv-cjpm-j595",
|
|
"discovery": "UNKNOWN"
|
|
},
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 3.5,
|
|
"baseSeverity": "LOW",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "LOW",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "REQUIRED",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |