NVD

Id
36651  
Name
CVE-2013-0304  
Description
ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is.  
Reject
 
CVSS Version
2  
CVSS Score
4  
Severity
Medium  
CVSS Base Score
4  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:N/A:N)  
Pub Date
2017-01-18  
Published
2014-06-05  
Modified Date
2014-06-05  
Seq
2013-0304  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
187307 36651 CVE-2013-0304 http://owncloud.org/about/security/advisories/oC-SA-2013-007/  View
187308 36651 CVE-2013-0304 http://securite.intrinsec.com/wp-content/uploads/2013/02/ISEC-V2013-01-v-1.0-Owncloud-4.5.4-Arbitrary-calendar-export.pdf  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
24986 JVNDB-2013-006561 ownCloud Server における任意のカレンダーを読まれる脆弱性 ownCloud Server は、カレンダーの所有権を適切にチェックしないため、任意のカレンダーを読まれる脆弱性が存在します。 CVE-2013-0304 60246 CVE-2013-0304 36651 4 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-006561.html 2013-02-20 2014-06-06 View