CVE-2013-2043
published 2014-03-14
CVE-2013-2043: apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote…
Priority P4 · 22 · medium · 4 · CVSS 2.0
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS: 1.42% (69.5th percentile)
apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| owncloud | owncloud | <= 4.5.10 | — |
| owncloud | owncloud | >= 0 < 6.0.1+dfsg-1ubuntu1 | 6.0.1+dfsg-1ubuntu1 |
| owncloud | owncloud_server | — | — |
CVSS provenance
nvd · v2.0 · 4.0 · MEDIUM · AV:N/AC:L/Au:S/C:P/I:N/A:N
osv · 4.0 · MEDIUM
GHSA
GHSA-p3wf-rfr5-r5vq: apps/calendar/ajax/events
ghsa_unreviewed·2022-05-17
CVE-2013-2043 [MEDIUM] GHSA-p3wf-rfr5-r5vq: apps/calendar/ajax/events
OSV
CVE-2013-2043: apps/calendar/ajax/events
osv·2014-03-14·CVSS 4.0
CVE-2013-2043 [MEDIUM] CVE-2013-2043: apps/calendar/ajax/events
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11
bugzilla·2013-05-14·CVSS 4.0
CVE-2013-2039 [MEDIUM] CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11
ownCloud 4.5.11 was released to correct a number of security flaws. The ones relevant to 4.5.x (which is the version we ship) are noted below. The full announcement was sent to the oss-security mailing list [1].
CVE-2013-2046: Multiple SQL Injections (oC-SA-2013-019)
- stable45: [582c3ed](https://github.com/owncloud/bookmarks/commit/582c3ed)
CVE-2013-2039: Multiple directory traversals (oC-SA-2013-020)
- stable45: [6be497c](https://github.com/owncloud/core/commit/6be497c)
CVE-2013-2040: Multiple XSS vulnerabilities (oC-SA-2013-021)
- stable45: [f9aeaa6](https://github.com/owncloud/apps/commit/f9aeaa6)
CVE-2013-2042: Multiple XSS vulnerabilities (oC-SA-2013-021)
-
Bugzilla
CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11 [fedora-18]
bugzilla·2013-05-14·CVSS 4.0
CVE-2013-2039 [MEDIUM] CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11 [fedora-18]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi
Bugzilla
CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11 [epel-6]
bugzilla·2013-05-14·CVSS 4.0
CVE-2013-2039 [MEDIUM] CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11 [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bod