CVE-2024-37887
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-37887
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-37887.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-37887
- Aliases
-
- GHSA-h4xv-cjpm-j595
- Published
- 2024-06-14T15:48:11Z
- Modified
- 2025-10-20T20:29:33.157099Z
- Severity
-
- 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Nextcloud Server's events information leaked with shared calendars on recurrence exceptions
- Details
-
Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1.
- Database specific
{ "cwe_ids": [ "CWE-284" ] }- References
Affected packages
Git / github.com/nextcloud/server
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nextcloud/server
- Events
- Type
- GIT
- Repo
- https://github.com/nextcloud/server
- Events
- Type
- GIT
- Repo
- https://github.com/nextcloud/server
- Events
Affected versions
v27.*
v27.0.0
v27.0.1
v27.0.1rc1
v27.0.1rc2
v27.0.2
v27.0.2rc1
v27.1.0
v27.1.0beta2
v27.1.0beta3
v27.1.0rc1
v27.1.0rc2
v27.1.0rc3
v27.1.0rc4
v27.1.1
v27.1.10rc1
v27.1.10rc2
v27.1.2
v27.1.2rc1
v27.1.3
v27.1.3rc1
v27.1.3rc2
v27.1.4
v27.1.4rc1
v27.1.5
v27.1.5rc1
v27.1.6
v27.1.6rc1
v27.1.6rc2
v27.1.7
v27.1.7rc1
v27.1.7rc2
v27.1.8
v27.1.8rc1
v27.1.9
v27.1.9rc1