CVE-2019-15621

{"id": "CVE-2019-15621", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-02-04T20:15:12.527", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html", "source": "support@hackerone.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html", "source": "support@hackerone.com"}, {"url": "https://hackerone.com/reports/619484", "tags": ["Permissions Required"], "source": "support@hackerone.com"}, {"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-012", "tags": ["Vendor Advisory"], "source": "support@hackerone.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://hackerone.com/reports/619484", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-012", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-281"}]}], "descriptions": [{"lang": "en", "value": "Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link."}, {"lang": "es", "value": "Una preservaci\u00f3n de permisos inapropiada en Nextcloud Server versi\u00f3n 16.0.1, causa que los recursos compartidos sean capaces de compartir con permisos de escritura cuando comparte el punto de montaje de un recurso compartido que recibieron, como un enlace p\u00fablico."}], "lastModified": "2024-11-21T04:29:08.857", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CECA205-0B13-4AF4-8EDA-6515068DB461", "versionEndExcluding": "14.0.13"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE568F12-81AB-44E6-AAD7-AB6D4DE7B9CE", "versionEndExcluding": "15.0.9", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "930E2DE7-4D34-4634-8FC4-CDEB45A9B8EF", "versionEndExcluding": "16.0.2", "versionStartIncluding": "16.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}