CVE-2015-6670

2015-10-26T10:59:09
ID CVE-2015-6670
Type cve
Reporter NVD
Modified 2017-11-03T21:29:07

Description

ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.