CVE-2019-15620
LOWNextcloud Talk < 6.0.4 - Unauthenticated Private Conversation Name Leak via Projects Feature
Title source: llmDescription
Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the projects feature.
References (2)
Core 2
Core References
Permissions Required x_refsource_misc
https://hackerone.com/reports/662218
Vendor Advisory x_refsource_misc
https://nextcloud.com/security/advisory/?id=NC-SA-2020-011
Scores
CVSS v3
2.7
EPSS
0.0016
EPSS Percentile
36.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-287
Status
published
Products (1)
nextcloud/talk
< 6.0.4
Published
Feb 04, 2020
Tracked Since
Feb 18, 2026