CNNVD-202512-666 Information
CNNVD ID
CNNVD-202512-666
Related CVE
- CNNVD Published: 2025-12-05
Description (Chinese)
Nextcloud Calendar是Nextcloud开源的一个日历应用程序。 Nextcloud Calendar 6.0.3之前版本存在安全特征问题漏洞,该漏洞源于会议提案参与者令牌生成方式不安全,可能导致令牌被计算。
Description (English)
Nextcloud Calendar is a calendar application from the Nextcloud open source. Nextcloud Calendar before version 6.0.3 had a security feature loophole, which stemmed from the unsafe manner in which the tokens of the participants in the proposal for the meeting were generated and could lead to the counting of the tokens.
Hazard Level
High
Vulnerability Type
安全特征问题
Affected Vendor
Nextcloud
Published
2025-12-05
Last Modified
2026-02-24
References
https://github.com/nextcloud/calendar/commit/8de14ae87f321f5f09280d9895a27d54d24f33fb https://github.com/nextcloud/calendar/pull/7659 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-whm3-vv55-gf27 https://hackerone.com/reports/3385434
Patch
https://apps.nextcloud.com/apps/calendar
Share on: