CVE-2015-6670Server vulnerability

7 documents4 sources
Severity
4.0MEDIUMNVD
EPSS
0.2%
top 60.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Owncloud Server
Timeline
PublishedOct 26
Latest updateMay 17

Description

ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

NVDowncloud/owncloud_server14 versions+13

🔴Vulnerability Details

2
GHSA
GHSA-jm84-v35x-p8jw: ownCloud Server before 72022-05-17
CVEList
CVE-2015-6670: ownCloud Server before 72015-10-26

💬Community

4
Bugzilla
CVE-2015-6670 owncloud: Authorization Bypass Through User-Controlled Key in Calendar Export2015-09-18
Bugzilla
CVE-2015-6670 owncloud: Authorization Bypass Through User-Controlled Key in Calendar Export [fedora-all]2015-09-18
Bugzilla
CVE-2015-6670 owncloud: Authorization Bypass Through User-Controlled Key in Calendar Export [epel-7]2015-09-18
Bugzilla
CVE-2015-6670 owncloud: Authorization Bypass Through User-Controlled Key in Calendar Export [epel-6]2015-09-18
CVE-2015-6670 — Owncloud Server vulnerability | cvebase