File Extension Manipulation Vulnerability in Nextcloud Server by Nextcloud
CVE-2019-15613

8 HIGH

Key Information:

Vendor: Nextcloud
CVE Published: 4 February 2020

What is CVE-2019-15613?

A vulnerability in Nextcloud Server version 17.0.1 arises from a flaw in its workflow rules, which improperly base their functionality on file extensions. This misconfiguration allows attackers to exploit the system by manipulating file mimetypes, leading to potential unauthorized actions within the application. Proper validation mechanisms for file types are bypassed if the file extension does not correspond to the actual content, posing risks to data integrity and system security.
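
The mismatch described above can be checked for on stored files by comparing the type an extension-only rule would assign with the type the leading bytes indicate. The following is an added example, not Nextcloud's code; the signature table, function names and sample uploads are assumptions constructed for illustration.

```python
import mimetypes

# Leading-byte signatures for a few common formats (deliberately small table).
SIGNATURES = [
    (b"%PDF-", "application/pdf"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"PK\x03\x04", "application/zip"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
]

def mime_from_extension(name):
    """What an extension-only rule would conclude about the file."""
    guessed, _ = mimetypes.guess_type(name)
    return guessed or "application/octet-stream"

def mime_from_content(data):
    """Type inferred from the leading bytes; None if no signature matches."""
    for magic, mime in SIGNATURES:
        if data.startswith(magic):
            return mime
    return None

def audit(files):
    """Return (name, claimed, detected) where name and content disagree.

    Files whose content matches no known signature are not reported,
    because the table cannot say anything about them either way.
    """
    findings = []
    for name, data in files:
        claimed = mime_from_extension(name)
        detected = mime_from_content(data)
        if detected is not None and detected != claimed:
            findings.append((name, claimed, detected))
    return findings

# Constructed sample uploads: (file name, first bytes of content).
SAMPLES = [
    ("report.pdf", b"%PDF-1.7\n"),
    ("holiday.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
    ("scan.png", b"%PDF-1.4\n"),            # PDF content under a .png name
    ("backup.jpg", b"PK\x03\x04\x14\x00"),  # ZIP content under a .jpg name
]

if __name__ == "__main__":
    for name, claimed, detected in audit(SAMPLES):
        print(f"{name}: extension says {claimed}, content is {detected}")
```
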

Affected Version(s)

Nextcloud Server 17.0.2

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
