Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2023-45150 | First vendor Publication | 2023-10-16 |
Vendor | Cve | Last vendor Modification | 2023-10-20 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | |||
---|---|---|---|
Overall CVSS Score | 4.3 | ||
Base Score | 4.3 | Environmental Score | 4.3 |
impact SubScore | 1.4 | Temporal Score | 4.3 |
Exploitabality Sub Score | 2.8 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | Low | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | None |
Integrity Impact | None | Availability Impact | Low |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | N/A | Attack Range | N/A |
Cvss Impact Score | N/A | Attack Complexity | N/A |
Cvss Expoit Score | N/A | Authentication | N/A |
Calculate full CVSS 2.0 Vectors scores |
Detail
Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended that the Nextcloud Calendar app is upgraded to 4.4.4. The only workaround for users unable to upgrade is to disable the calendar app. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45150 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-354 | Improper Validation of Integrity Check Value |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
Sources (Detail)
Source | Url |
---|---|
MISC | https://github.com/nextcloud/calendar/pull/5358 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r93... https://hackerone.com/reports/2058337 |
Alert History
Date | Informations |
---|---|
2023-10-20 17:27:26 |
|
2023-10-17 17:27:22 |
|
2023-10-17 00:27:20 |
|