Description

ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.

Remediation

References

CVE-2015-6670

Related Vulnerabilities

Lighttpd Inadequate Encryption Strength Vulnerability (CVE-2013-4508)

WordPress Plugin Custom Website Data Cross-Site Request Forgery (1.2)

WordPress Plugin WordPress Ad Widget Local File Inclusion (2.11.0)

WordPress Plugin Cookie Consent for WP-Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) Cross-Site Scripting (3.2.0)

Atlassian Confluence CVE-2023-22508 Vulnerability (CVE-2023-22508)

Severity

Medium

Classification

CVE-2015-6670

Tags

Missing Update Known Vulnerabilities