CVE-2019-15611

Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.
References
Link Resource
https://hackerone.com/reports/672623 Permissions Required Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2019-017 Vendor Advisory
https://hackerone.com/reports/672623 Permissions Required Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2019-017 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:iphone_os:*:*

History

21 Nov 2024, 04:29

Type Values Removed Values Added
References () https://hackerone.com/reports/672623 - Permissions Required, Third Party Advisory () https://hackerone.com/reports/672623 - Permissions Required, Third Party Advisory
References () https://nextcloud.com/security/advisory/?id=NC-SA-2019-017 - Vendor Advisory () https://nextcloud.com/security/advisory/?id=NC-SA-2019-017 - Vendor Advisory

Information

Published : 2020-02-04 20:15

Updated : 2024-11-21 04:29


NVD link : CVE-2019-15611

Mitre link : CVE-2019-15611

CVE.ORG link : CVE-2019-15611


JSON object : View

Products Affected

nextcloud

  • nextcloud
CWE
CWE-657

Violation of Secure Design Principles

NVD-CWE-Other