Red Hat Bugzilla – Bug 1264363
CVE-2015-6670 owncloud: Authorization Bypass Through User-Controlled Key in Calendar Export
Last modified: 2017-01-03 03:27:31 EST
Due to not properly checking the ownership of an calendar, an authenticated attacker is able to download calendars of other users via the “calid” GET parameter to export.php in /apps/calendar/
owncloud < 8.1.1
owncloud < 8.0.6
owncloud < 7.0.8
Created owncloud tracking bugs for this issue:
Affects: fedora-all [bug 1264368]
Affects: epel-6 [bug 1264369]
Affects: epel-7 [bug 1264371]
8.0.7 is pending stable for all releases except EL6 now. We need to bump EL6 to 7.0.10, for https://bugzilla.redhat.com/show_bug.cgi?id=1254908#c7 .
All dependent bugs closed.
(In reply to Shawn Iwinski from comment #3)
> All dependent bugs closed.