{"containers": {"cna": {"affected": [{"product": "Nextcloud Server", "vendor": "n/a", "versions": [{"status": "affected", "version": "16.0.2"}]}], "descriptions": [{"lang": "en", "value": "Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link."}], "problemTypes": [{"descriptions": [{"description": "Privilege Escalation (CAPEC-233)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-17T18:06:07.000Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/619484"}, {"tags": ["x_refsource_MISC"], "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-012"}, {"name": "openSUSE-SU-2020:0220", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"}, {"name": "openSUSE-SU-2020:0229", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2019-15621", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Nextcloud Server", "version": {"version_data": [{"version_value": "16.0.2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege Escalation (CAPEC-233)"}]}]}, "references": {"reference_data": [{"name": "https://hackerone.com/reports/619484", "refsource": "MISC", "url": "https://hackerone.com/reports/619484"}, {"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-012", "refsource": "MISC", "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-012"}, {"name": "openSUSE-SU-2020:0220", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"}, {"name": "openSUSE-SU-2020:0229", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:56:22.056Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/619484"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-012"}, {"name": "openSUSE-SU-2020:0220", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"}, {"name": "openSUSE-SU-2020:0229", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2019-15621", "datePublished": "2020-02-04T19:08:57.000Z", "dateReserved": "2019-08-26T00:00:00.000Z", "dateUpdated": "2024-08-05T00:56:22.056Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CECA205-0B13-4AF4-8EDA-6515068DB461", "versionEndExcluding": "14.0.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE568F12-81AB-44E6-AAD7-AB6D4DE7B9CE", "versionEndExcluding": "15.0.9", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "930E2DE7-4D34-4634-8FC4-CDEB45A9B8EF", "versionEndExcluding": "16.0.2", "versionStartIncluding": "16.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link."}, {"lang": "es", "value": "Una preservaci\u00f3n de permisos inapropiada en Nextcloud Server versi\u00f3n 16.0.1, causa que los recursos compartidos sean capaces de compartir con permisos de escritura cuando comparte el punto de montaje de un recurso compartido que recibieron, como un enlace p\u00fablico."}], "id": "CVE-2019-15621", "lastModified": "2024-11-21T04:29:08.857", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-04T20:15:12.527", "references": [{"source": "support@hackerone.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"}, {"source": "support@hackerone.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html"}, {"source": "support@hackerone.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/619484"}, {"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-012"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/619484"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-012"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-281"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}