Stack trace leak in Nextcloud Calendar app <4.5.3 (CVE-2023-48308)
CVE-2023-48308 Published on December 22, 2023

Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3

NVD

Vulnerability Analysis

CVE-2023-48308 is exploitable with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
LOW

Weakness Type

Exposure of Sensitive System Information Due to Uncleared Debug Information

The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.


Products Associated with CVE-2023-48308

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-48308 are published in Nextcloud Calendar:

Nextcloud Calendar
 

Affected Versions

nextcloud security-advisories Version >= 3.0.0, < 4.5.3 is affected by CVE-2023-48308

Exploit Probability

EPSS
0.27%
Percentile
50.04%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.