Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-15611

Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.

Published

2020-02-04T20:15:11.713

Last Modified

2024-11-21T04:29:07.687

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-657
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	nextcloud	< 2.24.0	Yes

References

https://hackerone.com/reports/672623 Permissions Required, Third Party Advisory ([email protected])
https://nextcloud.com/security/advisory/?id=NC-SA-2019-017 Vendor Advisory ([email protected])
https://hackerone.com/reports/672623 Permissions Required, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://nextcloud.com/security/advisory/?id=NC-SA-2019-017 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)