CVE-2012-4390

owncloud < 4.0.7 - Authenticated User Enumeration via Calendar and Contacts Remote Endpoints

Title source: llm
STIX 2.1

Description

(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors.

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/09/02/2
Various Sources x_refsource_confirm
http://owncloud.org/changelog/

Scores

EPSS 0.0020
EPSS Percentile 41.7%

Details

CWE
CWE-200
Status published
Products (11)
owncloud/owncloud < 4.0.6
owncloud/owncloud_server 3.0.0
owncloud/owncloud_server 3.0.1
owncloud/owncloud_server 3.0.2
owncloud/owncloud_server 3.0.3
owncloud/owncloud_server 4.0.0
owncloud/owncloud_server 4.0.1
owncloud/owncloud_server 4.0.2
owncloud/owncloud_server 4.0.3
owncloud/owncloud_server 4.0.4
... and 1 more
Published Sep 05, 2012
Tracked Since Feb 18, 2026