{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "sle-15-sp1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "12-NA" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "14.0.11" }, { "introduced": "15.0.0" }, { "fixed": "15.0.8" } ] }, "events": [ { "introduced": "0" }, { "fixed": "21872b82270121d95584da678d58cbc5865c5b6a" }, { "introduced": "3bb46a2accb9d3c8557b64f0ec6e088d94f9dd70" }, { "fixed": "0ca9141de4eaf3ca147ffaedfaee0157166f643c" } ], "repo": "https://github.com/nextcloud/server", "type": "GIT" } ] } ], "details": "Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.", "id": "CVE-2019-15624", "modified": "2026-03-14T13:52:14.059891686Z", "published": "2020-02-04T20:15:12.747Z", "references": [ { "type": "ADVISORY", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html" }, { "type": "ADVISORY", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html" }, { "type": "ADVISORY", "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-015" }, { "type": "EVIDENCE", "url": "https://hackerone.com/reports/508493" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ] }