Vulnerability Details CVE-2015-6670
ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 69.3%
CVSS Severity
CVSS v2 Score 4.0
References
Products affected by CVE-2015-6670
-
cpe:2.3:a:owncloud:owncloud_server:7.0.0
-
cpe:2.3:a:owncloud:owncloud_server:7.0.1
-
cpe:2.3:a:owncloud:owncloud_server:7.0.2
-
cpe:2.3:a:owncloud:owncloud_server:7.0.3
-
cpe:2.3:a:owncloud:owncloud_server:7.0.4
-
cpe:2.3:a:owncloud:owncloud_server:7.0.5
-
cpe:2.3:a:owncloud:owncloud_server:7.0.6
-
cpe:2.3:a:owncloud:owncloud_server:7.0.7
-
cpe:2.3:a:owncloud:owncloud_server:8.0.0
-
cpe:2.3:a:owncloud:owncloud_server:8.0.2
-
cpe:2.3:a:owncloud:owncloud_server:8.0.3
-
cpe:2.3:a:owncloud:owncloud_server:8.0.4
-
cpe:2.3:a:owncloud:owncloud_server:8.0.5
-
cpe:2.3:a:owncloud:owncloud_server:8.1.0