OwnCloud 'calendar_id' Parameter Privilege Escalation Vulnerability Network Vulnerability

Summary

This host is installed with ownCloud and is prone to privilege escalation vulnerability.

Impact

Successful exploitation will allow remote attackers to gain privilege and download calendars of other users. Impact Level: Application

Solution

Upgrade to ownCloud version 4.5.11 or 5.0.6 or later, For updates refer to http://owncloud.org

Insight

The flaw exists due to improper verification of input passed via the 'calendar_id' parameter passed to apps/calendar/ajax/events.php when checking for ownership.

Affected

ownCloud Server 4.5.x before version 4.5.11 and 5.x before 5.0.6

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://owncloud.org/about/security/advisories/oC-SA-2013-024
http://seclists.org/oss-sec/2013/q2/324

Updated on 2017-03-28

Severity

Classification

CVE CVE-2013-2043

CVSS	Base Score: 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N

Related Vulnerabilities

2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
Apache Archiva Home Page Cross-Site Scripting vulnerability
Apache Archiva Cross Site Request Forgery Vulnerability
Apache Struts Cross Site Scripting Vulnerability

ownCloud 'calendar_id' Parameter privilege Escalation Vulnerability

Take action and discover your vulnerabilities