4

CVE-2013-0304

EPSS 0.18%
Published 05.06.2014 15:44:07
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php.  NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is.

Affected products Warnungen 0 Metrics 2 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Owncloud ≫ Owncloud Version <= 4.5.6

Owncloud ≫ Owncloud Server Version4.5.0

Owncloud ≫ Owncloud Server Version4.5.1

Owncloud ≫ Owncloud Server Version4.5.2

Owncloud ≫ Owncloud Server Version4.5.3

Owncloud ≫ Owncloud Server Version4.5.4

Owncloud ≫ Owncloud Server Version4.5.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.359

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

http://owncloud.org/about/security/advisories/oC-SA-2013-007/

Vendor Advisory

http://securite.intrinsec.com/wp-content/uploads/2013/02/ISEC-V2013-01-v-1.0-Owncloud-4.5.4-Arbitrary-calendar-export.pdf

https://nvd.nist.gov/vuln/detail/CVE-2013-0304

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-0304

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-0304

EUVD