CVE-2019-15623

MEDIUM

Nextcloud Server 16.0.1 - Info Disclosure

Title source: llm

Description

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.

References (4)

[Exploit, Third Party Advisory] https://hackerone.com/reports/508490

[Third Party Advisory, Vendor Advisory] https://nextcloud.com/security/advisory/?id=NC-SA-2019-016

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html

Scores

CVSS v3 5.3

EPSS 0.0032

EPSS Percentile 55.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-359

Status published

Products (3)

nextcloud/nextcloud_server < 14.0.13

opensuse/backports_sle 15.0 sp1

suse/package_hub

Published Feb 04, 2020

Tracked Since Feb 18, 2026