Vulnerability Description
ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Owncloud | Owncloud Server | 7.0.0 |
References
- http://www.debian.org/security/2015/dsa-3373
- https://owncloud.org/security/advisory/?id=oc-sa-2015-015Vendor Advisory
- http://www.debian.org/security/2015/dsa-3373
- https://owncloud.org/security/advisory/?id=oc-sa-2015-015Vendor Advisory
FAQ
What is CVE-2015-6670?
CVE-2015-6670 is a vulnerability with a CVSS score of 4.0 (MEDIUM). ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the cal...
How severe is CVE-2015-6670?
CVE-2015-6670 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-6670?
Check the references section above for vendor advisories and patch information. Affected products include: Owncloud Owncloud Server.