CVE-2015-6670
Summary
| CVE | CVE-2015-6670 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-10-26 14:59:09 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php. |
Risk And Classification
Primary CVSS: v2.0 4 from [email protected]
AV:N/AC:L/Au:S/C:P/I:N/A:N
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
SingleConfidentiality
PartialIntegrity
NoneAvailability
NoneAV:N/AC:L/Au:S/C:P/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Owncloud | Owncloud Server | 7.0.0 | All | All | All |
| Application | Owncloud | Owncloud Server | 7.0.1 | All | All | All |
| Application | Owncloud | Owncloud Server | 7.0.2 | All | All | All |
| Application | Owncloud | Owncloud Server | 7.0.3 | All | All | All |
| Application | Owncloud | Owncloud Server | 7.0.4 | All | All | All |
| Application | Owncloud | Owncloud Server | 7.0.5 | All | All | All |
| Application | Owncloud | Owncloud Server | 7.0.6 | All | All | All |
| Application | Owncloud | Owncloud Server | 7.0.7 | All | All | All |
| Application | Owncloud | Owncloud Server | 8.0.0 | All | All | All |
| Application | Owncloud | Owncloud Server | 8.0.2 | All | All | All |
| Application | Owncloud | Owncloud Server | 8.0.3 | All | All | All |
| Application | Owncloud | Owncloud Server | 8.0.4 | All | All | All |
| Application | Owncloud | Owncloud Server | 8.0.5 | All | All | All |
| Application | Owncloud | Owncloud Server | 8.1.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian -- Security Information -- DSA-3373-1 owncloud | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| Advisory | ownCloud.org | af854a3a-2127-422b-91ae-364da2661108 | owncloud.org | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.