Vulnerability Name: CVE-2019-15624 (CCN-175790)

Assigned: 2019-08-12
Published: 2019-08-12
Updated: 2022-01-01
Summary: Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.

CVSS v3 Severity: 4.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)
  4.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): High
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): High
    Availability (A): None

  9.1 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
  7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): High
    User Interaction (UI): None
  Scope:
    Scope (S): Changed
  Impact Metrics:
    Confidentiality (C): High
    Integrity (I): High
    Availability (A): High

CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): Single_Instance
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): Partial
    Availability (A): None

  9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): Single_Instance
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete

Vulnerability Type: CWE-20 (Improper Input Validation)
Vulnerability Consequences: Bypass Security
References:

Source: MITRE
Type: CNA
CVE-2019-15624

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:0220

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:0229

Source: XF
Type: UNKNOWN
nextcloud-cve201915624-sec-bypass(175790)

Source: MISC
Type: Exploit, Third Party Advisory
https://hackerone.com/reports/508493

Source: CCN
Type: NC-SA-2019-015
Group admins can create users with IDs of system folders

Source: MISC
Type: Vendor Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2019-015

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:* (Version < 14.0.11)
  • OR cpe:/a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:* (Version >= 15.0.0 and < 15.0.8)

Configuration 2:
  • cpe:/o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux_enterprise_server:12:-:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:nextcloud:nextcloud_server:15.0.7:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions (Class: V = vulnerability definition, P = patch definition)

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:201915624 | V | CVE-2019-15624 | 2021-10-24
oval:org.opensuse.security:def:63230 | P | postgresql-contrib-10-6.8 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:74729 | P | Security update for go1.16 (Moderate) | 2021-08-20
oval:org.opensuse.security:def:63433 | P | liblcms2-2-32bit-2.9-3.3.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:62734 | P | bluez-devel-5.55-1.57 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62727 | P | ImageMagick-7.0.7.34-10.15.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62759 | P | hplip-3.20.11-2.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62731 | P | accountsservice-0.6.55-3.14 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:93567 | P | (Important) | 2021-06-08
oval:org.opensuse.security:def:100273 | P | (Important) | 2021-04-30
oval:org.opensuse.security:def:64484 | P | Security update for samba (Important) | 2021-04-29
oval:org.opensuse.security:def:93560 | P | (Important) | 2021-04-01
oval:org.opensuse.security:def:64654 | P | Security update for avahi (Moderate) | 2021-02-23
oval:org.opensuse.security:def:64542 | P | Security update for sudo (Important) | 2021-01-26
oval:org.opensuse.security:def:100280 | P | (Important) | 2021-01-20
oval:org.opensuse.security:def:64275 | P | Security update for curl (Moderate) | 2020-12-09
oval:org.opensuse.security:def:64274 | P | Security update for python-urllib3 (Moderate) | 2020-12-09
oval:org.opensuse.security:def:63580 | P | icedtea-web-1.7.1-5.13 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62937 | P | bsdtar-3.4.2-2.24 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:25679 | P | Security update for tcpdump (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25061 | P | Security update for libseccomp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25767 | P | Security update for DirectFB (Important) | 2020-12-01
oval:org.opensuse.security:def:64138 | P | Security update for xorg-x11-server (Important) | 2020-12-01
oval:org.opensuse.security:def:25253 | P | Security update for tomcat (Important) | 2020-12-01
oval:org.opensuse.security:def:25825 | P | Security update for ImageMagick (Important) | 2020-12-01
oval:org.opensuse.security:def:25391 | P | Security update for ovmf (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26498 | P | Security update for nextcloud (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25626 | P | Security update for libqt5-qtbase (Important) | 2020-12-01
oval:org.opensuse.security:def:25050 | P | Security update for nfs-utils (Moderate) | 2020-12-01
oval:org.opensuse.security:def:74596 | P | Security update for perl-DBI (Important) | 2020-12-01
oval:org.opensuse.security:def:64382 | P | libsmi on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:63809 | P | Security update for accountsservice (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25125 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:25049 | P | Security update for accountsservice (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25781 | P | Security update for libqt4 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25334 | P | Security update for java-1_8_0-openjdk (Important) | 2020-12-01
oval:org.opensuse.security:def:26463 | P | Security update for enigmail (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25475 | P | Security update for libssh (Important) | 2020-12-01
oval:org.opensuse.security:def:110366 | P | Security update for nextcloud (Moderate) | 2020-02-15