{"id":"CVE-2017-0895","details":"Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed.","modified":"2026-03-13T22:22:10.617723Z","published":"2017-05-08T20:29:00.367Z","references":[{"type":"ADVISORY","url":"https://hackerone.com/reports/203594"},{"type":"ADVISORY","url":"https://nextcloud.com/security/advisory/?id=nc-sa-2017-012"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nextcloud/server","events":[{"introduced":"43ce8b13c1422ed82f42886b5918159f05b36967"},{"fixed":"b05312a699c9992e2a7b3a5b8118d29d7af8b1dc"},{"introduced":"ed7b18799f7d57ab9346e224b4dcea0961c9537f"},{"fixed":"401d07d2b05dd603f81453a10bce01627e5e6cde"}],"database_specific":{"versions":[{"introduced":"10.0.0"},{"fixed":"10.0.4"},{"introduced":"11.0.0"},{"fixed":"11.0.2"}]}}],"versions":["v10.0.0","v10.0.1","v10.0.1RC1","v10.0.2","v10.0.3","v10.0.3RC1","v10.0.4RC1","v11.0.0","v11.0.1","v11.0.1RC1","v11.0.2RC1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-0895.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"}]}