PT-2020-9748 · Nextcloud+2 · Nextcloud Server+2

Published

2019-05-07

Updated

2022-01-01

CVE-2019-15624

CVSS v3.1

4.9

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Server version 15.0.7

Description The issue is related to improper input validation, allowing group admins to create users with IDs of system folders.

Recommendations For Nextcloud Server version 15.0.7, consider restricting the ability of group admins to create new users until a fix is available. As a temporary workaround, monitor user creation activities closely to prevent potential misuse of system folder IDs.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2019-1778

CVE-2019-15624

OPENSUSE-SU-2020:0220-1

OPENSUSE-SU-2020:0229-1

OPENSUSE-SU-2020_0220-1

Affected Products

Alt Linux

Nextcloud Server

Suse

PT-2020-9748 · Nextcloud+2 · Nextcloud Server+2

CVE-2019-15624

Weakness Enumeration

Related Identifiers

Affected Products

References · 23