Chandler Project: Security Vulnerabilities
The DAV component in Chandler Server (Cosmo) before 0.10.1 does not check resource creation permissions, which allows remote authenticated users to create arbitrary resources in another user's home collection.
CVSS Score
5.5
EPSS Score
0.01
Published
2007-12-15