VDB
CVE-2013-0304
CVE-2013-0304
PUBLISHED
CVSS 4 MEDIUM
ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is.
EPSS 0.28% · 52.1th percentile
Risk Scores
CVSS 2.0
4
EPSS Score
0.28%
52.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| owncloud | owncloud | 0 |
| owncloud | owncloud_server | 4.5.2, 4.5.3, 4.5.4 |
Timeline
- Jun 5, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- http://owncloud.org/about/security/advisories/oC-SA-2013-007/ url
- http://securite.intrinsec.com/wp-content/uploads/2013/02/ISEC-V2013-01-v-1.0-Owncloud-4.5.4-Arbitrary-calendar-export.pdf url
- https://nvd.nist.gov/vuln/detail/CVE-2013-0304 advisory
- http://owncloud.org/about/security/advisories/oC-SA-2013-007 url