CVE-2016-6190
MEDIUM4.3EPSS 0.20%發布日:2017/2/17修改日:2026/4/28
也稱為:DEBIAN-CVE-2016-6190
描述
SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users.
受影響套件(1)
- Debian/sogofrom 0, < 3.2.4-0.2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |