42 строки
1.1 KiB
JSON
42 строки
1.1 KiB
JSON
{
|
|
"Title": "Classification of calendar events is ignored by the activity stream",
|
|
"Timestamp": 1555070400,
|
|
"Risk": 1,
|
|
"CVSS3": {
|
|
"score": 2.4,
|
|
"vector": "AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N"
|
|
},
|
|
"CWE": {
|
|
"id": 287,
|
|
"name": "Improper Authentication"
|
|
},
|
|
"HackerOne": 476615,
|
|
"Affected":[
|
|
{
|
|
"Version":"15.0.1",
|
|
"CVE":"CVE-2019-5449",
|
|
"Operator":"<"
|
|
},
|
|
{
|
|
"Version":"14.0.5",
|
|
"CVE":"CVE-2019-5449",
|
|
"Operator":"<"
|
|
},
|
|
{
|
|
"Version":"13.0.9",
|
|
"CVE":"CVE-2019-5449",
|
|
"Operator":"<"
|
|
}
|
|
],
|
|
"Description":"A missing check revealed the name of confidential events and private events to all users of a shared calendar.",
|
|
"ActionTaken": "The error has been fixed.",
|
|
"Acknowledgment":[
|
|
{
|
|
"Name": "Fabian Dellwing",
|
|
"Mail": "f.dellwing@netfutura.de",
|
|
"Reason": "Vulnerability discovery and disclosure."
|
|
}
|
|
],
|
|
"Resolution": "It is recommended that all instances are upgraded to Nextcloud 15.0.1, 14.0.5 or 13.0.9."
|
|
}
|