CVE-2013-0304

Name of the Vulnerable Software and Affected Versions ownCloud Server versions prior to 4.5.7

Description The issue allows remote authenticated users to read arbitrary calendars due to improper ownership checking of calendars. This can be achieved via the calid parameter to the "/apps/calendar/export.php" API endpoint. The root cause of the issue is uncertain due to a lack of details, with reports suggesting it may be related to a cross-site request forgery (CSRF) vulnerability.

Recommendations For ownCloud Server versions prior to 4.5.7, update to version 4.5.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/apps/calendar/export.php" API endpoint to minimize the risk of exploitation. Avoid using the calid parameter in the affected API endpoint until the issue is resolved.