Candidate: CVE-2013-2043
PublicDate: 2014-03-14 16:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2043
 http://owncloud.org/about/security/advisories/oC-SA-2013-024/
Description:
 apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before
 5.0.6 does not properly check the ownership of a calendar, which allows
 remote authenticated users to download arbitrary calendars via the
 calendar_id parameter.
Ubuntu-Description:
Notes:
 jdstrand> per upstream, 4.0 not affected
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_owncloud:
upstream_owncloud: released (5.0.6)
lucid_owncloud: DNE
precise_owncloud: not-affected
quantal_owncloud: not-affected (4.0.8debian-1.1ubuntu0.1)
raring_owncloud: ignored (reached end-of-life)
saucy_owncloud: not-affected (5.0.10+dfsg-1ubuntu1)
trusty_owncloud: not-affected (6.0.1+dfsg-1ubuntu1)
trusty/esm_owncloud: DNE (trusty was not-affected [6.0.1+dfsg-1ubuntu1])
devel_owncloud: not-affected (6.0.1+dfsg-1ubuntu1)