ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is.
References
Configurations
Configuration 1 (hide)
|
History
31 Mar 2025, 11:54
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Owncloud owncloud Server
|
|
| CPE | cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:* |
cpe:2.3:a:owncloud:owncloud_server:4.5.5:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:4.5.0:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:4.5.4:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:4.5.3:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:4.5.2:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:4.5.1:*:*:*:*:*:*:* |
21 Nov 2024, 01:47
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://owncloud.org/about/security/advisories/oC-SA-2013-007/ - Vendor Advisory | |
| References | () http://securite.intrinsec.com/wp-content/uploads/2013/02/ISEC-V2013-01-v-1.0-Owncloud-4.5.4-Arbitrary-calendar-export.pdf - |
Information
Published : 2014-06-05 15:44
Updated : 2025-03-31 11:54
NVD link : CVE-2013-0304
Mitre link : CVE-2013-0304
CVE.ORG link : CVE-2013-0304
JSON object : View
Products Affected
owncloud
- owncloud
- owncloud_server
CWE
CWE-264
Permissions, Privileges, and Access Controls