Arbitrary Calendar Reading Vulnerability in ownCloud Server

Arbitrary Calendar Reading Vulnerability in ownCloud Server

CVE-2015-6670 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.

Learn more about our Cis Benchmark Audit For Server Software.