CVE-2024-37887

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 LOW
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
GitHub_MCNA
3.5 LOW
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
VendorProductVersion
nextcloudnextcloud_server
27.0.0 ≤
𝑥
< 27.1.10
nextcloudnextcloud_server
27.0.0 ≤
𝑥
< 27.1.10
nextcloudnextcloud_server
28.0.0 ≤
𝑥
≤ 28.0.6
nextcloudnextcloud_server
28.0.0 ≤
𝑥
< 28.0.6
nextcloudnextcloud_server
29.0.0
nextcloudnextcloud_server
29.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h4xv-cjpm-j595
https://github.com/nextcloud/server/pull/45309
https://hackerone.com/reports/2479325
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h4xv-cjpm-j595
https://github.com/nextcloud/server/pull/45309
https://hackerone.com/reports/2479325