CVE-2019-15611

Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.
References
Link Resource
https://hackerone.com/reports/672623 Permissions Required Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2019-017 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:iphone_os:*:*

History

No history.

Information

Published : 2020-02-04 20:15

Updated : 2024-02-04 20:39


NVD link : CVE-2019-15611

Mitre link : CVE-2019-15611

CVE.ORG link : CVE-2019-15611


JSON object : View

Products Affected

nextcloud

  • nextcloud
CWE
NVD-CWE-Other CWE-657

Violation of Secure Design Principles