CVE-2015-6670

ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.

Affected Software

Name	Vendor	Start Version	End Version
Owncloud_server	Owncloud	7.0.0 (including)	7.0.0 (including)
Owncloud_server	Owncloud	7.0.1 (including)	7.0.1 (including)
Owncloud_server	Owncloud	7.0.2 (including)	7.0.2 (including)
Owncloud_server	Owncloud	7.0.3 (including)	7.0.3 (including)
Owncloud_server	Owncloud	7.0.4 (including)	7.0.4 (including)
Owncloud_server	Owncloud	7.0.5 (including)	7.0.5 (including)
Owncloud_server	Owncloud	7.0.6 (including)	7.0.6 (including)
Owncloud_server	Owncloud	7.0.7 (including)	7.0.7 (including)
Owncloud_server	Owncloud	8.0.0 (including)	8.0.0 (including)
Owncloud_server	Owncloud	8.0.2 (including)	8.0.2 (including)
Owncloud_server	Owncloud	8.0.3 (including)	8.0.3 (including)
Owncloud_server	Owncloud	8.0.4 (including)	8.0.4 (including)
Owncloud_server	Owncloud	8.0.5 (including)	8.0.5 (including)
Owncloud_server	Owncloud	8.1.0 (including)	8.1.0 (including)
Owncloud	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-6670
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References