4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
36.7%
ownCloud Server before 4.5.7 does not properly check ownership of
calendars, which allows remote authenticated users to read arbitrary
calendars via the calid parameter to /apps/calendar/export.php. NOTE: this
issue has been reported as a cross-site request forgery (CSRF)
vulnerability, but due to lack of details, it is uncertain what the root
cause is.
Author | Note |
---|---|
mdeslaur | owncloud packages in Ubuntu are now empty |