CVE-2023-33183
First published: Tue May 30 2023(Updated: )
Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud calendar | <3.5.5 | |
| Nextcloud calendar | >=4.0.0<4.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-33183?
CVE-2023-33183 is a vulnerability in the Calendar app for Nextcloud that allows disclosure of internal paths when the SMTP server is unavailable.
How can I protect my Nextcloud Calendar app from CVE-2023-33183?
To protect your Nextcloud Calendar app from CVE-2023-33183, it is recommended to update to version 3.5.5 or 4.2.3.
What is the severity of CVE-2023-33183?
The severity of CVE-2023-33183 is medium, with a severity value of 4.3.
Where can I find more information about CVE-2023-33183?
You can find more information about CVE-2023-33183 in the following references: [GitHub Pull Request](https://github.com/nextcloud/calendar/pull/4938) and [Nextcloud Security Advisories](https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j).
What is the Common Weakness Enumeration (CWE) of CVE-2023-33183?
The CWE of CVE-2023-33183 is CWE-285, which is improper authorization.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/nvd-latest
- vendor/nextcloud
- canonical/nextcloud calendar
- version/nextcloud calendar/4.0.0