CVE-2019-15611
MEDIUM
Nextcloud iOS App < 2.24.0 - Credential Leak via Federated Search and Push Notification Registration
Title source: llm
Description
Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when searching, e.g., for federated users, or when registering for push notifications.
References (2)
Core References
Permissions Required, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/672623
Vendor Advisory x_refsource_misc
https://nextcloud.com/security/advisory/?id=NC-SA-2019-017
Scores
CVSS v3
4.9
EPSS
0.0063
EPSS Percentile
70.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-657
Status
published
Products (1)
nextcloud/nextcloud
< 2.24.0
Published
Feb 04, 2020
Tracked Since
Feb 18, 2026