Lucene search

K
nvd[email protected]NVD:CVE-2013-0304
HistoryJun 05, 2014 - 3:44 p.m.

CVE-2013-0304

2014-06-0515:44:07
CWE-264
web.nvd.nist.gov
4

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

36.5%

ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is.

Affected configurations

Nvd
Node
owncloudowncloudRange4.5.6
OR
owncloudowncloudMatch4.5.0
OR
owncloudowncloudMatch4.5.1
OR
owncloudowncloudMatch4.5.2
OR
owncloudowncloudMatch4.5.3
OR
owncloudowncloudMatch4.5.4
OR
owncloudowncloudMatch4.5.5
VendorProductVersionCPE
owncloudowncloud*cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*
owncloudowncloud4.5.0cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*
owncloudowncloud4.5.1cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*
owncloudowncloud4.5.2cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*
owncloudowncloud4.5.3cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*
owncloudowncloud4.5.4cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*
owncloudowncloud4.5.5cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

36.5%