Vulnerabilities > CVE-2019-15611 - Unspecified vulnerability in Nextcloud

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

nextcloud

NVD

Published: 2020-02-04

Updated: 2020-02-11

Summary

Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.

Vulnerable Configurations

Part	Description	Count
Application	Nextcloud Nextcloud Nextcloud - Nextcloud Nextcloud 2.22.4 Nextcloud Nextcloud 2.22.5 Nextcloud Nextcloud 2.22.6 Nextcloud Nextcloud 2.22.7 Nextcloud Nextcloud 2.22.8 Nextcloud Nextcloud 2.22.9 Nextcloud Nextcloud 2.23.0 Nextcloud Nextcloud 2.23.1 Nextcloud Nextcloud 2.23.2 Nextcloud Nextcloud 2.23.3 Nextcloud Nextcloud 2.23.4 Nextcloud Nextcloud 2.23.5 Nextcloud Nextcloud 2.23.6 Nextcloud Nextcloud 2.23.7 Nextcloud Nextcloud 2.23.8	16

Summary

Vulnerable Configurations

References