ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:35
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.debian.org/security/2015/dsa-3373 - | |
References | () https://owncloud.org/security/advisory/?id=oc-sa-2015-015 - Vendor Advisory |
Information
Published : 2015-10-26 14:59
Updated : 2024-11-21 02:35
NVD link : CVE-2015-6670
Mitre link : CVE-2015-6670
CVE.ORG link : CVE-2015-6670
JSON object : View
Products Affected
owncloud
- owncloud
CWE