| Summary: | www-apps/owncloud-{7.0.10,8.0.8,8.1.1}: Authorization Bypass Through User-Controlled Key (oC-SA-2015-015) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | trivial | CC: | voyageur, web-apps |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://owncloud.org/security/advisory/?id=oc-sa-2015-015 | ||
| Whiteboard: | ~4 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
Vulnerable versions removed: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=98bfa53ed0489308a35f23bd7e24784cbbd8012c |
From ${URL} : Description Due to not properly checking the ownership of an calendar, an authenticated attacker is able to download calendars of other users via the “calid” GET parameter to export.php in /apps/calendar/ Affected Software ownCloud Server < 8.1.1 (CVE-2015-6670) ownCloud Server < 8.0.6 (CVE-2015-6670) ownCloud Server < 7.0.8 (CVE-2015-6670) @maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.