CVE-2017-9339
First published: Mon Jul 17 2017(Updated: )
A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ownCloud Desktop Client | <10.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-9339?
CVE-2017-9339 has a medium severity rating due to its potential for unintended data exposure.
How do I fix CVE-2017-9339?
To fix CVE-2017-9339, upgrade your ownCloud Server to version 10.0.2 or later.
What problem does CVE-2017-9339 cause?
CVE-2017-9339 causes a logical error that may disclose valid share tokens for publicly shared calendars.
Are there any workarounds for CVE-2017-9339?
Temporary workarounds for CVE-2017-9339 include disabling public sharing of calendars until the software is upgraded.
Which versions of ownCloud are affected by CVE-2017-9339?
CVE-2017-9339 affects ownCloud Server versions prior to 10.0.2.
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/references
- vendor/owncloud
- canonical/owncloud desktop client