{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T04:30:42.045","vulnerabilities":[{"cve":{"id":"CVE-2019-15621","sourceIdentifier":"support@hackerone.com","published":"2020-02-04T20:15:12.527","lastModified":"2024-11-21T04:29:08.857","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link."},{"lang":"es","value":"Una preservación de permisos inapropiada en Nextcloud Server versión 16.0.1, causa que los recursos compartidos sean capaces de compartir con permisos de escritura cuando comparte el punto de montaje de un recurso compartido que recibieron, como un enlace público."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-281"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0.13","matchCriteriaId":"6CECA205-0B13-4AF4-8EDA-6515068DB461"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*","versionStartIncluding":"15.0.0","versionEndExcluding":"15.0.9","matchCriteriaId":"AE568F12-81AB-44E6-AAD7-AB6D4DE7B9CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndExcluding":"16.0.2","matchCriteriaId":"930E2DE7-4D34-4634-8FC4-CDEB45A9B8EF"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html","source":"support@hackerone.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html","source":"support@hackerone.com"},{"url":"https://hackerone.com/reports/619484","source":"support@hackerone.com","tags":["Permissions Required"]},{"url":"https://nextcloud.com/security/advisory/?id=NC-SA-2020-012","source":"support@hackerone.com","tags":["Vendor Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://hackerone.com/reports/619484","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https://nextcloud.com/security/advisory/?id=NC-SA-2020-012","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}