Remote Share Vulnerability in Nextcloud 16 by Nextcloud
CVE-2019-15616

4.3MEDIUM

Key Information:

Vendor: Nextcloud
Status: Nextcloud Server
Vendor: CVE Published:; 4 February 2020

What is CVE-2019-15616?

The identified vulnerability in Nextcloud 16 allows for the potential exploitation of dangling remote share attempts, which can lead to DNS pollution when the system is under long-running operations. This vulnerability poses significant risks to system integrity and user data, as it may allow attackers to manipulate DNS resolutions effectively. Users of Nextcloud 16 should assess their configurations and apply necessary security measures to mitigate this issue.

Affected Version(s)

Nextcloud Server 17.0.0

References

https://hackerone.com/reports/592864

x_refsource_MISC

https://nextcloud.com/security/advisory/?id=NC-SA-2020-005

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 4, 2020
Vulnerability Reserved
Aug 26, 2019

JSON