{"id":"CVE-2016-6190","details":"SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the \"View the Date & Time\" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users.","modified":"2026-04-11T04:02:26.172954Z","published":"2017-02-17T17:59:00.843Z","references":[{"type":"ADVISORY","url":"https://sogo.nu/bugs/view.php?id=3696"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/07/09/3"},{"type":"FIX","url":"https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d"},{"type":"FIX","url":"https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/Alinto/sogo","events":[{"introduced":"0"},{"last_affected":"c5526bb70aef69b7be128f96a8d33ef99d4b97a5"},{"introduced":"0"},{"last_affected":"fe0221f6300bc92f0156f9dde4e58c1c8d3610e7"},{"introduced":"0"},{"last_affected":"9f7c205da962f4c1aba30297a739bb71af89c861"},{"introduced":"0"},{"last_affected":"b57dd57c53bda121e4a21cad9a9b122a573ff869"},{"introduced":"0"},{"last_affected":"335621ba421f746b27dcc7184cde7ae769bf4538"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.3.11"},{"introduced":"0"},{"last_affected":"3.0.0"},{"introduced":"0"},{"last_affected":"3.0.1"},{"introduced":"0"},{"last_affected":"3.0.2"},{"introduced":"0"},{"last_affected":"3.1.0"}]}},{"type":"GIT","repo":"https://github.com/alinto/sogo","events":[{"introduced":"0"},{"fixed":"717f45f640a2866b76a8984139391fae64339225"},{"fixed":"875a4aca3218340fd4d3141950c82c2ff45b343d"}]}],"versions":["SOGo-2.0.1","SOGo-2.0.2","SOGo-2.2.17a","SOGo-2.2.20","SOGo-2.3.0","SOGo-2.3.1","SOGo-2.3.10","SOGo-2.3.11","SOGo-2.3.2","SOGo-2.3.3","SOGo-2.3.3a","SOGo-2.3.4","SOGo-2.3.5","SOGo-2.3.6","SOGo-2.3.7","SOGo-2.3.7a","SOGo-2.3.8","SOGo-2.3.9","SOGo-3.0.0","SOGo-3.0.0b1","SOGo-3.0.0b2","SOGo-3.0.0b3","SOGo-3.0.0b4","SOGo-3.0.0b5","SOGo-3.0.1","SOGo-3.0.2","SOGo-3.1.0"],"database_specific":{"vanir_signatures":[{"deprecated":false,"target":{"file":"SoObjects/SOGo/SOGoUserSettings.h"},"id":"CVE-2016-6190-06b8778f","source":"https://github.com/alinto/sogo/commit/717f45f640a2866b76a8984139391fae64339225","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["272275947418062989887012245545970907197","237761867161411648712498103835426187177","231454080872523687104751719403681284838","193563563261601370690713969555675233477"]}},{"deprecated":false,"target":{"file":"SoObjects/SOGo/SOGoUserSettings.h"},"id":"CVE-2016-6190-26f1ac38","source":"https://github.com/alinto/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["272275947418062989887012245545970907197","237761867161411648712498103835426187177","231454080872523687104751719403681284838","193563563261601370690713969555675233477"]}}],"vanir_signatures_modified":"2026-04-11T04:02:26Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6190.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.0.0-beta_1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.0-beta_2"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.0-beta_3"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.0-beta_4"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.0-beta_5"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}