Description
A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.
References (1)
Core 1
Core References
Broken Link, Vendor Advisory x_refsource_confirm
https://owncloud.org/security/advisory/?id=oc-sa-2017-005
Scores
CVSS v3
5.3
EPSS
0.0024
EPSS Percentile
46.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
Status
published
Products (1)
owncloud/owncloud
< 10.0.2
Published
Jul 17, 2017
Tracked Since
Feb 18, 2026