CVE-2019-15613 — Improper Input Validation in Server

CWE-20 — Improper Input Validation CWE-345 — Insufficient Verification of Data Authenticity7 documents4 sources

Severity

8.0HIGHNVD

EPSS

0.3%

top 50.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Server Opensuse Backports

Timeline

PublishedFeb 4

Latest updateMay 24

Description

A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages3 packages

▶NVDnextcloud/nextcloud_server16.0.0 — 16.0.7+2

▶CVEListV5nextcloud/nextcloud_server17.0.2

▶NVDopensuse/backportssle-15

Patches

Patch: hackerone.com ↗Patch: hackerone.com ↗

🔴Vulnerability Details

GHSA

GHSA-rc6x-59rr-4g8r: A bug in Nextcloud Server 17↗2022-05-24

▶

CVEList

CVE-2019-15613: A bug in Nextcloud Server 17↗2020-02-04

▶

💬Community

Bugzilla

CVE-2019-15613 CVE-2019-15612 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs ↗2020-02-21

▶

Bugzilla

CVE-2019-15612 CVE-2019-15613 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs ↗2020-02-21

▶

Bugzilla

▶

Bugzilla

CVE-2019-10894 wireshark: GSS-API dissector crash (wnpa-sec-2019-14)↗2019-04-09

▶