Vulnerability Description
Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or 4.7.2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Calendar | >= 4.3.0, < 4.6.8 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/calendar/pull/5966 (Patch)
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2r7q-v (Third Party Advisory)
- https://hackerone.com/reports/2457588 (Issue Tracking)
FAQ
What is CVE-2024-37316?
CVE-2024-37316 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommende...
How severe is CVE-2024-37316?
CVE-2024-37316 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-37316?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Calendar.