ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is.
References
Configurations
Configuration 1 (hide)
|
History
31 Mar 2025, 11:54
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:* |
cpe:2.3:a:owncloud:owncloud_server:4.5.2:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:4.5.0:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:4.5.1:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:4.5.3:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:4.5.5:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:4.5.4:*:*:*:*:*:*:* |
| First Time |
Owncloud owncloud Server
|
Information
Published : 2014-06-05 15:44
Updated : 2025-04-12 10:46
NVD link : CVE-2013-0304
Mitre link : CVE-2013-0304
CVE.ORG link : CVE-2013-0304
JSON object : View
Products Affected
owncloud
- owncloud
- owncloud_server
CWE
CWE-264
Permissions, Privileges, and Access Controls