Description

apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter.

Remediation

References

CVE-2013-2043

Related Vulnerabilities

WordPress Plugin PG Flash Gallery Cross-Site Scripting (4.1.1)

Oracle JRE CVE-2013-5840 Vulnerability (CVE-2013-5840)

WordPress Plugin PDF & Print by BestWebSoft Cross-Site Scripting (1.7.4)

Oracle Database Server CVE-2012-1745 Vulnerability (CVE-2012-1745)

Joomla Other Vulnerability (CVE-2013-1453)

Severity

Medium

Classification

CVE-2013-2043 CWE-264

Tags

Missing Update Known Vulnerabilities