CVE-2013-2043 — Owncloud vulnerability

CWE-2647 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

0.2%

top 60.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Owncloud Server

Timeline

PublishedMar 14

Latest updateMay 17

Description

apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

▶Ubuntuowncloud/owncloud< 6.0.1+dfsg-1ubuntu1

▶NVDowncloud/owncloud4.5.10

▶NVDowncloud/owncloud_server16 versions+15

Patches

Patch: owncloud.org ↗Patch: owncloud.org ↗

🔴Vulnerability Details

GHSA

GHSA-p3wf-rfr5-r5vq: apps/calendar/ajax/events↗2022-05-17

▶

OSV

CVE-2013-2043: apps/calendar/ajax/events↗2014-03-14

▶

CVEList

CVE-2013-2043: apps/calendar/ajax/events↗2014-03-14

▶

💬Community

Bugzilla

CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11↗2013-05-14

▶

Bugzilla

CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11 [fedora-18]↗2013-05-14

▶

Bugzilla

CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11 [epel-6]↗2013-05-14

▶