CVE-2013-1963
Published: 14 March 2014
The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors.
Notes
Author | Note |
---|---|
jdstrand | Per upstream, only 5.x and 4.5.x affected |
Priority
Status
Package | Release | Status |
---|---|---|
owncloud Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
(4.0.8debian-1.1ubuntu0.1)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Not vulnerable
(5.0.10+dfsg-1ubuntu1)
|
|
trusty |
Does not exist
(trusty was not-affected [6.0.1+dfsg-1ubuntu1])
|
|
upstream |
Released
(5.0.5)
|