Описание
apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 6.0.1+dfsg-1ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [6.0.1+dfsg-1ubuntu1]] |
| lucid | DNE | |
| precise | not-affected | |
| quantal | not-affected | 4.0.8debian-1.1ubuntu0.1 |
| raring | ignored | end of life |
| saucy | not-affected | 5.0.10+dfsg-1ubuntu1 |
| trusty | not-affected | 6.0.1+dfsg-1ubuntu1 |
| trusty/esm | DNE | trusty was not-affected [6.0.1+dfsg-1ubuntu1] |
| upstream | released | 5.0.6 |
Показывать по
4 Medium
CVSS2
Связанные уязвимости
apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter.
apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before ...
apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter.
4 Medium
CVSS2