CVE-2019-15613

Опубликовано: 04 фев. 2020

Источник: nvd

CVSS3: 8

CVSS2: 6

EPSS Низкий

Описание

A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html
Mailing List
Third Party Advisory
https://hackerone.com/reports/697959
Patch
Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2020-002
Broken Link
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html
Mailing List
Third Party Advisory
https://hackerone.com/reports/697959
Patch
Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2020-002
Broken Link
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Версия до 15.0.14 (исключая)

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Версия от 16.0.0 (включая) до 16.0.7 (исключая)

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Версия от 17.0.0 (включая) до 17.0.2 (исключая)

Конфигурация 2

cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.00264

Низкий

8 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-20

CWE-345

Связанные уязвимости

CVE-2019-15613

CVSS3: 8

debian

больше 5 лет назад

A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend t ...

GHSA-rc6x-59rr-4g8r

CVSS3: 8

github

около 3 лет назад

A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.

openSUSE-SU-2020:0220-1

suse-cvrf

больше 5 лет назад

Security update for nextcloud

EPSS

Процентиль: 50%

0.00264

Низкий

8 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-20

CWE-345