MidnightBSD

Advisories for radicale

CVE-2015-8747 HIGH

The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
radicale radicale *
CVE-2015-8748 MEDIUM

Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
radicale radicale *
CVE-2016-1505 HIGH

The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-21,

Products Affected

Vendor Product Version
radicale radicale *
CVE-2017-8342 MEDIUM

Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
radicale radicale *
radicale radicale 2.0.0