CVE-2015-6670

ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:owncloud:owncloud:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:8.1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 02:35

Type Values Removed Values Added
References () http://www.debian.org/security/2015/dsa-3373 - () http://www.debian.org/security/2015/dsa-3373 -
References () https://owncloud.org/security/advisory/?id=oc-sa-2015-015 - Vendor Advisory () https://owncloud.org/security/advisory/?id=oc-sa-2015-015 - Vendor Advisory

Information

Published : 2015-10-26 14:59

Updated : 2024-11-21 02:35


NVD link : CVE-2015-6670

Mitre link : CVE-2015-6670

CVE.ORG link : CVE-2015-6670


JSON object : View

Products Affected

owncloud

  • owncloud