CVE Vulnerability

CVE-2019-15611

Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.

4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

4.9 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://nextcloud.com/security/advisory/?id=NC-SA-2019-017 Vendor Advisory
https://hackerone.com/reports/672623 Permissions Required Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:iphone_os:*:*
Information

Published : 2020-02-04 08:15

Updated : 2020-02-11 04:59

NVD link : CVE-2019-15611

Mitre link : CVE-2019-15611

Products Affected
No products.
CWE
NVD-CWE-Other