MEDIUM
Inverse Inc
CVE published 2017-02-17
CVE-2016-6190
CVE-2016-6190 describes an information disclosure issue in SOGo calendar access control. Before SOGo 2.3.12 and 3.x before 3.1.1, authenticated users could access UID and DTSTAMP attributes even when appointments were protected by the "View the Date & Time" restriction. By correlating those values across users, an attacker could infer sensitive details about appointments that should have remained partiall [truncated]