← Back

CVE-2019-15613

nvd nist
Published: Feb 4, 2020Modified: Nov 21, 2024

JSON object

Loading...
8.0
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.1 / Impact: 5.9
Source: NVD

Description

A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.

Affected (4)

Nextcloud
1 product
Nextcloud Server
Opensuse
1 product
Backports
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Nextcloud
Nextcloud Server
Before 15.0.14
Nextcloud Server
From 16.0.0 to 16.0.7
Nextcloud Server
From 17.0.0 to 17.0.2
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Backports
Version sle-15 sp1

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-345
Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References (8)

Source: support@hackerone.com
Mailing ListThird Party Advisory
Source: support@hackerone.com
Mailing ListThird Party Advisory
Source: support@hackerone.com
PatchThird Party Advisory
Source: support@hackerone.com
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory

Timeline

No history available yet.