Affected configuration(s):
cpe:/a:nextcloud:nextcloud_server:10.0.3
cpe:/a:nextcloud:nextcloud_server:11.0.1
Date published: 2017-05-08T16:29:00.367-04:00
Date last modified: 2017-05-18T12:22:36.800-04:00
CVSS Score: 3.5
Principal attack vector: NETWORK
Complexity: MEDIUM
Reference URL: https://hackerone.com/reports/203594
Summary: Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed.