CVE-2015-6670

ownCloud Server <7.0.8, <8.0.6, <8.1.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.

References (2)

Core 2
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3373
Vendor Advisory x_refsource_confirm
https://owncloud.org/security/advisory/?id=oc-sa-2015-015

Scores

EPSS 0.0018
EPSS Percentile 38.7%

Details

Status published
Products (14)
owncloud/owncloud_server 7.0.0
owncloud/owncloud_server 7.0.1
owncloud/owncloud_server 7.0.2
owncloud/owncloud_server 7.0.3
owncloud/owncloud_server 7.0.4
owncloud/owncloud_server 7.0.5
owncloud/owncloud_server 7.0.6
owncloud/owncloud_server 7.0.7
owncloud/owncloud_server 8.0.0
owncloud/owncloud_server 8.0.2
... and 4 more
Published Oct 26, 2015
Tracked Since Feb 18, 2026