CVE Catalog

CVE-2023-33183

LowCVSS 2.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.44%

35th percentile — higher than 35% of all known CVEs

Summary

The Calendar app for Nextcloud discloses some internal paths of the website when the SMTP server is unavailable. It is recommended to update the Calendar app to version 3.5.5 or 4.2.3.

Risk Assessment

The disclosure of internal paths may lead to potential attacks on the Nextcloud infrastructure, posing a risk to data security.

Recommendation

It is recommended to immediately update the Calendar app to the latest version to minimize the risk associated with information disclosure.

Original NVD description (English source)

Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3

Vulnerability data from NVD (NIST) · CISA KEV · EPSS