Arbitrary Calendar Reading Vulnerability in ownCloud Server

Arbitrary Calendar Reading Vulnerability in ownCloud Server

CVE-2013-0304 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is.

Learn more about our Cis Benchmark Audit For Server Software.