Platform: ownCloud Server
Risk level: Medium
CVSS v3 Base Score: 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
A logical error caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.
- ownCloud Server < 10.0.2 (CVE-2017-9339)
The error has been fixed and regression tests been added.
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke – Nextcloud GmbH (firstname.lastname@example.org) – Vulnerability discovery and disclosure.
Your secure file platform
Boost your productivity and enable collaboration within your organization.
The backbone of secure file sharing
Our software as a service solution. Hosted securely in Germany.
Ready in a glimpse.
Download Mobile Apps
Bring your productivity game to the next level. Download our Android or iOS app from the app stores.