CVE-2023-33183

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/nextcloud/calendar/pull/4938", "name": "https://github.com/nextcloud/calendar/pull/4938", "tags": ["Patch"], "refsource": "MISC"}, {"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j", "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3\n\n"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-33183", "ASSIGNER": "security-advisories@github.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}}, "publishedDate": "2023-05-30T06:16Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nextcloud:calendar:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.2.3", "versionStartIncluding": "4.0.0"}, {"cpe23Uri": "cpe:2.3:a:nextcloud:calendar:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.5.5"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-06-05T18:11Z"}