Vulnerability Description
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Nextcloud Server | < 14.0.13 |
| Opensuse | Backports Sle | 15.0 |
| Suse | Package Hub | - |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.htmlThird Party Advisory
- https://hackerone.com/reports/508490ExploitThird Party Advisory
- https://nextcloud.com/security/advisory/?id=NC-SA-2019-016Third Party AdvisoryVendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.htmlThird Party Advisory
- https://hackerone.com/reports/508490ExploitThird Party Advisory
- https://nextcloud.com/security/advisory/?id=NC-SA-2019-016Third Party AdvisoryVendor Advisory
FAQ
What is CVE-2019-15623?
CVE-2019-15623 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled...
How severe is CVE-2019-15623?
CVE-2019-15623 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-15623?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Nextcloud Server, Opensuse Backports Sle, Suse Package Hub.