Vulnerability CVE-2019-15613

Vulnerability Name:

CVE-2019-15613 (CCN-175793)

Assigned:

2019-12-04

Published:

2019-12-04

Updated:

2023-05-11

Summary:

CVSS v3 Severity:

8.0 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
7.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2019-15613

Source: support@hackerone.com
Type: Mailing List, Third Party Advisory
support@hackerone.com

Source: support@hackerone.com
Type: Mailing List, Third Party Advisory
support@hackerone.com

Source: XF
Type: UNKNOWN
nextcloud-cve201915613-unspecified(175793)

Source: support@hackerone.com
Type: Patch, Third Party Advisory
support@hackerone.com

Source: CCN
Type: NC-SA-2020-002
Workflow rules only check the file extension for the mimetype instead of the content

Source: support@hackerone.com
Type: Broken Link, Vendor Advisory
support@hackerone.com

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2019-15613

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:nextcloud:nextcloud_server:17.0.1:-:*:*:*:*:*:*

OR cpe:/a:nextcloud:nextcloud_server:16.0.6:-:*:*:*:*:*:*

OR cpe:/a:nextcloud:nextcloud_server:15.0.13:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201915613	V	CVE-2019-15613	2021-10-24
oval:org.opensuse.security:def:63230	P	postgresql-contrib-10-6.8 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:74729	P	Security update for go1.16 (Moderate)	2021-08-20
oval:org.opensuse.security:def:63433	P	liblcms2-2-32bit-2.9-3.3.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:62734	P	bluez-devel-5.55-1.57 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62727	P	ImageMagick-7.0.7.34-10.15.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62759	P	hplip-3.20.11-2.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62731	P	accountsservice-0.6.55-3.14 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:93567	P	(Important)	2021-06-08
oval:org.opensuse.security:def:100273	P	(Important)	2021-04-30
oval:org.opensuse.security:def:64484	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:93560	P	(Important)	2021-04-01
oval:org.opensuse.security:def:64654	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:64542	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:100280	P	(Important)	2021-01-20
oval:org.opensuse.security:def:64275	P	Security update for curl (Moderate)	2020-12-09
oval:org.opensuse.security:def:64274	P	Security update for python-urllib3 (Moderate)	2020-12-09
oval:org.opensuse.security:def:63580	P	icedtea-web-1.7.1-5.13 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62937	P	bsdtar-3.4.2-2.24 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25679	P	Security update for tcpdump (Moderate)	2020-12-01
oval:org.opensuse.security:def:25061	P	Security update for libseccomp (Moderate)	2020-12-01
oval:org.opensuse.security:def:25767	P	Security update for DirectFB (Important)	2020-12-01
oval:org.opensuse.security:def:64138	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:25253	P	Security update for tomcat (Important)	2020-12-01
oval:org.opensuse.security:def:25825	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:25391	P	Security update for ovmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:26498	P	Security update for nextcloud (Moderate)	2020-12-01
oval:org.opensuse.security:def:25626	P	Security update for libqt5-qtbase (Important)	2020-12-01
oval:org.opensuse.security:def:25050	P	Security update for nfs-utils (Moderate)	2020-12-01
oval:org.opensuse.security:def:74596	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:64382	P	libsmi on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63809	P	Security update for accountsservice (Moderate)	2020-12-01
oval:org.opensuse.security:def:25125	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25049	P	Security update for accountsservice (Moderate)	2020-12-01
oval:org.opensuse.security:def:25781	P	Security update for libqt4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25334	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:26463	P	Security update for enigmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:25475	P	Security update for libssh (Important)	2020-12-01
oval:org.opensuse.security:def:110366	P	Security update for nextcloud (Moderate)	2020-02-15

BACK