CVE-2013-1963
Published: 14 March 2014
The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors.
Notes
| Author | Note |
|---|---|
| jdstrand | Per upstream, only 5.x and 4.5.x affected |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
owncloud Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| oneiric |
Not vulnerable
|
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
(4.0.8debian-1.1ubuntu0.1)
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Not vulnerable
(5.0.10+dfsg-1ubuntu1)
|
|
| trusty |
Does not exist
(trusty was not-affected [6.0.1+dfsg-1ubuntu1])
|
|
| upstream |
Released
(5.0.5)
|