← Back

CVE-2019-15623

nvd nist
Published: Feb 4, 2020Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.

Affected (5)

Nextcloud
1 product
Nextcloud Server
Opensuse
1 product
Backports Sle
Suse
1 product
Package Hub
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Nextcloud
Nextcloud Server
Before 14.0.13
Nextcloud Server
From 15.0.0 to 15.0.9
Nextcloud Server
From 16.0.0 to 16.0.2
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Backports Sle
Version 15.0 sp1
Package Hub
All versions

Related CWEs

CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

References (8)

Source: support@hackerone.com
Mailing ListThird Party Advisory
Source: support@hackerone.com
Third Party Advisory
Source: support@hackerone.com
ExploitThird Party Advisory
Source: support@hackerone.com
Third Party AdvisoryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVendor Advisory

Timeline

No history available yet.