Lucene search

GoogleOSV:CVE-2019-15624

HistoryFeb 04, 2020 - 8:15 p.m.

CVE-2019-15624

2020-02-0420:15:12

Google

osv.dev

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

6.6 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

45.7%

JSON

Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.

CPENameOperatorVersion
servereq15.0.1RC1
servereq15.0.1RC2
servereq15.0.2
servereq15.0.4
servereq15.0.8RC1
servereq15.0.7
servereq15.0.6RC1
servereq15.0.3RC1
servereq15.0.5RC2
servereq15.0.5RC1

Name	Operator	Version
server	eq	15.0.1RC1
server	eq	15.0.1RC2
server	eq	15.0.2
server	eq	15.0.4
server	eq	15.0.8RC1
server	eq	15.0.7
server	eq	15.0.6RC1
server	eq	15.0.3RC1
server	eq	15.0.5RC2
server	eq	15.0.5RC1

Rows per page:

1-10 of 151

References

lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html

lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html

hackerone.com/reports/508493

nextcloud.com/security/advisory/?id=NC-SA-2019-015

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

6.6 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

45.7%

JSON

Related for OSV:CVE-2019-15624