CVE-2019-15624 — Improper Input Validation in Server

CWE-20 — Improper Input Validation6 documents4 sources

Severity

4.9MEDIUMNVD

EPSS

0.3%

top 45.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Server Opensuse Backports Suse Linux Enterprise Server

Timeline

PublishedFeb 4

Latest updateMay 24

Description

Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages4 packages

▶NVDnextcloud/nextcloud_server15.0.0 — 15.0.8+1

▶CVEListV5nextcloud/nextcloud_server15.0.7

▶NVDsuse/suse_linux_enterprise_server12

▶NVDopensuse/backportssle-15

🔴Vulnerability Details

GHSA

GHSA-pqcg-83hr-mr43: Improper Input Validation in Nextcloud Server 15↗2022-05-24

▶

CVEList

CVE-2019-15624: Improper Input Validation in Nextcloud Server 15↗2020-02-04

▶

💬Community

Bugzilla

CVE-2019-15613 CVE-2019-15612 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs ↗2020-02-21

▶

Bugzilla

CVE-2019-15612 CVE-2019-15613 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs ↗2020-02-21

▶

Bugzilla

▶