CVE-2015-6670

medium

Description

ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.

References

https://owncloud.org/security/advisory/?id=oc-sa-2015-015

http://www.debian.org/security/2015/dsa-3373

Details

Source: Mitre, NVD

Published: 2015-10-26

Updated: 2017-11-04

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N