Description

ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.

Remediation

References

CVE-2015-6670

Related Vulnerabilities

Serendipity Other Vulnerability (CVE-2005-1448)

PHP Inadequate Encryption Strength Vulnerability (CVE-2020-7069)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-2155)

SharePoint Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-8580)

WordPress Plugin OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) Supply Chain Attack [Polyfill.io] (1.1.2)

Severity

Medium

Classification

CVE-2015-6670

Tags

Missing Update Known Vulnerabilities