Lucene search
OwnCloudOC-SA-2013-018HistoryApr 19, 2013 - 11:42 a.m.
Server: Privilege escalation in the contacts application
2013-04-1911:42:22
owncloud.org
22
0.001 Low
EPSS
Percentile
35.8%
Due to not properly checking the ownership of a single contact, an authenticated attacker is able to download contacts of other users in all ownCloud versions prior to 5.0.5 including the 4.5.x branch.
Note: Successful exploitation of this privilege escalation requires the “contacts” app to be enabled (enabled by default).
For more information please consult the official advisory.
This advisory is licensed CC BY-SA 4.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud server | lt | 4.5.10 | |
| owncloud server | lt | 5.0.5 |
Related
cvelist
cvelist
CVE-2013-1963
2014-03-14 16:00:00
cve
cve
CVE-2013-1963
2014-03-14 16:55:04
owncloud
owncloud
Privilege escalation in the contacts application - ownCloud
2013-04-19 18:06:11
ubuntucve
ubuntucve
CVE-2013-1963
2014-03-14 00:00:00
prion
prion
Design/Logic Flaw
2014-03-14 16:55:00
openvas
openvas
ownCloud 'contacts' Security Bypass Vulnerability (May 2014)
2014-05-05 00:00:00
Fedora Update for owncloud FEDORA-2013-6417
2013-05-13 00:00:00
Fedora Update for owncloud FEDORA-2013-6417
2013-05-13 00:00:00
nessus
nessus
Fedora 18 : owncloud-4.5.10-1.fc18 (2013-6417)
2013-05-10 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: owncloud-4.5.10-1.fc18
2013-05-10 04:53:00