Description
The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors.
Remediation
References
Related Vulnerabilities
Apache Tomcat version older than 5.5.27
WordPress Plugin Software License Manager Cross-Site Scripting (4.4.9)
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.16)
Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-1015)
Undertow Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-3859)