CVE-2019-15621

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-15621

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15621.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-15621

Downstream

openSUSE-SU-2020:0220-1

openSUSE-SU-2020:0229-1

Related

Published

2020-02-04T20:15:12.527Z

Modified

2026-04-10T04:15:01.467751Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type

GIT

Repo

https://github.com/nextcloud/server

Events

Introduced

Fixed

e877a7ec027854315ec58bdbc3ccb77d5e89b76a

Introduced

3bb46a2accb9d3c8557b64f0ec6e088d94f9dd70

Fixed

5ba848a3edfb03382c7eb16002e00a9a73f779ec

Introduced

6781f9fc7652f735a75abd869ab3e79878fceec9

Fixed

80cdd4cbea7e3e159e531fe50f39d8207f2ce19e

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "14.0.13"
        },
        {
            "introduced": "15.0.0"
        },
        {
            "fixed": "15.0.9"
        },
        {
            "introduced": "16.0.0"
        },
        {
            "fixed": "16.0.2"
        }
    ]
}

Affected versions

14.*

14.0.2RC1

v1.*

v1.0.0beta1

v11.*

v11.0.0

v11.0RC2

v12.*

v12.0.0beta1

v12.0.0beta2

v12.0.0beta3

v12.0.0beta4

v13.*

v13.0.0RC1

v13.0.0beta1

v13.0.0beta2

v13.0.0beta3

v13.0.0beta4

v14.*

v14.0.0

v14.0.0RC1

v14.0.0RC2

v14.0.0beta1

v14.0.0beta2

v14.0.0beta3

v14.0.0beta4

v14.0.1

v14.0.10

v14.0.11

v14.0.11RC1

v14.0.12

v14.0.13RC1

v14.0.1RC1

v14.0.2

v14.0.2RC1

v14.0.2RC2

v14.0.3

v14.0.4

v14.0.4RC1

v14.0.4RC2

v14.0.5

v14.0.5RC1

v14.0.5RC2

v14.0.6

v14.0.7

v14.0.7RC1

v14.0.8

v14.0.8RC1

v14.0.8RC2

v14.0.9

v14.0.9RC1

v15.*

v15.0.0

v15.0.1

v15.0.1RC1

v15.0.1RC2

v15.0.2

v15.0.3

v15.0.3RC1

v15.0.4

v15.0.5

v15.0.5RC1

v15.0.5RC2

v15.0.6

v15.0.6RC1

v15.0.7

v15.0.8

v15.0.8RC1

v15.0.9RC1

v16.*

v16.0.0

v16.0.1

v16.0.1RC1

v16.0.2RC1

v3.*

v3.0

v4.*

v4.0.0

v4.0.0RC

v4.0.0RC2

v4.0.0beta

v4.0.1

v4.0.4

v4.0.5

v4.0.6

v4.5.0

v4.5.0RC1

v4.5.0RC2

v4.5.0RC3

v4.5.0beta3

v4.5.0beta4

v5.*

v5.0.0

v5.0.0RC1

v5.0.0RC2

v5.0.0RC3

v5.0.0alpha1

v5.0.0beta1

v5.0.0beta2

v6.*

v6.0.0RC1

v6.0.0RC2

v6.0.0alpha2

v6.0.0beta2

v6.0.0beta3

v6.0.0beta4

v6.0.0beta5

v7.*

v7.0.0alpha2

v7.0.0beta1

v8.*

v8.0.0

v8.0.0RC1

v8.0.0RC2

v8.0.0alpha1

v8.0.0alpha2

v8.0.0beta1

v8.0.0beta2

v8.1.0alpha1

v8.1.0alpha2

v8.1.0beta1

v8.1.0beta2

v8.1RC2

v8.2RC1

v8.2beta1

v9.*

v9.0.0beta2

v9.0beta1

v9.1.0beta1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15621.json"