Unrated severityNVD Advisory· Published Jun 14, 2024· Updated Aug 2, 2024
Nextcloud Calendar's event create can create attachments that link to other websites
CVE-2024-37316
Description
Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or 4.7.2.
Affected products
2- Range: <4.6.8, <4.7.2
- nextcloud/security-advisoriesv5Range: >= 4.3.0, < 4.6.8
Patches
Vulnerability mechanics
References
3- github.com/nextcloud/calendar/pull/5966mitrex_refsource_MISC
- github.com/nextcloud/security-advisories/security/advisories/GHSA-2r7q-vfmv-79qfmitrex_refsource_CONFIRM
- hackerone.com/reports/2457588mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.