Lucene search
OwnCloudOC-SA-2013-024HistoryMay 14, 2013 - 11:42 a.m.
Server: Privilege escalation in the calendar application
2013-05-1411:42:22
owncloud.org
25
0.001 Low
EPSS
Percentile
36.7%
Due to not properly checking the ownership of an calendar, an authenticated attacker is able to download calendars of other users via the “calendar_id” GET parameter to /apps/calendar/ajax/events.php
Note: Successful exploitation of this privilege escalation requires the “calendar” app to be enabled (enabled by default).
For more information please consult the official advisory.
This advisory is licensed CC BY-SA 4.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud server | lt | 5.0.6 | |
| owncloud server | lt | 4.5.11 |
Related
cve
cve
CVE-2013-2043
2014-03-14 16:55:05
owncloud
owncloud
Privilege escalation in the calendar application - ownCloud
2013-05-14 18:11:49
nvd
nvd
CVE-2013-2043
2014-03-14 16:55:05
openvas
openvas
ownCloud 'calendar_id' Parameter privilege Escalation Vulnerability
2014-05-06 00:00:00
Fedora Update for owncloud FEDORA-2013-10440
2013-06-24 00:00:00
Fedora Update for owncloud FEDORA-2013-10440
2013-06-24 00:00:00
ubuntucve
ubuntucve
CVE-2013-2043
2014-03-14 00:00:00
prion
prion
Code injection
2014-03-14 16:55:00
cvelist
cvelist
CVE-2013-2043
2014-03-14 16:00:00
nessus
nessus
Fedora 18 : owncloud-4.5.12-1.fc18 (2013-10440)
2013-07-12 00:00:00
freebsd
freebsd
owncloud -- Multiple security vulnerabilities
2013-05-14 00:00:00