CVE-2013-0304 — Owncloud vulnerability

CWE-2643 documents3 sources

Severity

4.0MEDIUMNVD

EPSS

0.2%

top 60.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Owncloud Server

Timeline

PublishedJun 5

Latest updateMay 5

Description

ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDowncloud/owncloud_server6 versions+5

▶NVDowncloud/owncloud4.5.6

🔴Vulnerability Details

GHSA

GHSA-7qg6-gcc3-hfpq: ownCloud Server before 4↗2022-05-05

▶

CVEList

CVE-2013-0304: ownCloud Server before 4↗2014-06-05

▶