MEDIUM🇬🇧 English

CVE-2026-45286

CVSS 4.3v3.1pub. 2026-06-01upd. 2026-06-03

Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance by using the Calendar app's endpoint for suggesting attendees. The sharing restrictions, applied to other endpoints, were not effective here. This issue has been patched in versions 5.5.17 and 6.2.3.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • Nextcloud Calendar

    APP
    Nextcloud
    5.5.13 – 5.5.17 (bez)6.2.0 – 6.2.3 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-66550MEDIUM5.7ten sam produkt

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a...

CVE-2025-66511MEDIUM4.8ten sam produkt

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tok...

CVE-2024-37316MEDIUM4.6ten sam produkt

Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated...

CVE-2023-45150MEDIUM4.3ten sam produkt

Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the...

CVE-2022-24838MEDIUM5.3ten sam produkt

Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointmen...