CVE-2015-6670 Information

Description

ownCloud Server before 7.0.8 8.0.x before 8.0.6 and 8.1.x before 8.1.1 does not properly check ownership of calendars which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.

Reference

http://www.debian.org/security/2015/dsa-3373 https://owncloud.org/security/advisory/?id=oc-sa-2015-015