Vulnerabilities > CVE-2019-5449 - Missing Authorization vulnerability in Nextcloud Server

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
nextcloud
CWE-862
NVD
Published: 2019-07-30
Updated: 2020-10-16

Summary

A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events.

Vulnerable Configurations

Part Description Count
Application
Nextcloud
483

Common Weakness Enumeration (CWE)

References