CVE-2019-15624
Description
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
Related CPE's
References
Vendor Advisory
ExploitThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
CvssV3 impact
Version | 3.1 |
VectorString | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N |
AttackVector | NETWORK |
AttackComplexity | LOW |
PrivilegesRequired | HIGH |
UserInteraction | NONE |
Scope | UNCHANGED |
ConfidentialityImpact | NONE |
IntegrityImpact | HIGH |
AvailabilityImpact | NONE |
BaseScore | 4.9 |
BaseSeverity | MEDIUM |
CvssV2 impact
Version | 2.0 |
VectorString | AV:N/AC:L/Au:S/C:N/I:P/A:N |
AccessVector | NETWORK |
AccessComplexity | LOW |
Authentication | SINGLE |
ConfidentialityImpact | NONE |
IntegrityImpact | PARTIAL |
AvailabilityImpact | NONE |
BaseScore | 4 |