Bypassing owner_write and owner_only limitations in Radicale before 1.1

Bypassing owner_write and owner_only limitations in Radicale before 1.1

CVE-2015-8748 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".

Learn more about our User Device Pen Test.