CVE-2019-15623
N/A
N/A
Summary
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Nextcloud Server | 16.0.1 | affected |
Weaknesses
- CWE-359: Privacy Violation (CWE-359)
ADP Enrichment
CVE Program Container
Additional References
- https://hackerone.com/reports/508490
- https://nextcloud.com/security/advisory/?id=NC-SA-2019-016
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html
References
- https://hackerone.com/reports/508490
- https://nextcloud.com/security/advisory/?id=NC-SA-2019-016
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.