CVE-2015-6670

{"id": "CVE-2015-6670", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-10-26T14:59:09.577", "references": [{"url": "http://www.debian.org/security/2015/dsa-3373", "source": "cve@mitre.org"}, {"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-015", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php."}, {"lang": "es", "value": "ownCloud Server en versiones anteriores a 7.0.8, 8.0.x en versiones anteriores a 8.0.6 y 8.1.x en versiones anteriores a 8.1.1 no verifica adecuadamente el propietario de los calendarios, lo que permite a usuarios remotos autenticados leer calendarios arbitrariamente a trav\u00e9s del par\u00e1metro calid en apps/calendar/export.php."}], "lastModified": "2017-11-04T01:29:07.553", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E1941F4-D2B5-4633-A934-FBD126B72D1C"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22EBDD6A-804F-44E8-A516-61760B5D447B"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FF6F676-1C9E-4F33-8E91-BC41E42CEE57"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBF3DCFD-3264-4315-947E-0D2725E3BFEA"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C26782F8-FE62-4B2D-B0C9-81EFFE395D6F"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5945851-35B8-4509-92C7-CF706C794266"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7F58319-DE37-4307-9D60-BDFC27D6826B"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AD03A74-6F1D-43EC-BC93-F2AF2467F6D2"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8C45645-3A99-4E08-952A-EEBFE35AC70E"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AFD0FA9-F12F-46A2-90F4-B48310A7ED0D"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C18316B-E0DF-4693-AD3A-8C923965931B"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66A3C5DA-52BA-4B86-A7A1-BEAE730E80E7"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "453D8D0E-B385-4A8F-9D01-CDE38E6C1D4B"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:8.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "644C5331-A967-497D-A7ED-919F5988C8E8"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/639.html\">CWE-639: Authorization Bypass Through User-Controlled Key</a>", "sourceIdentifier": "cve@mitre.org"}