CVE-2019-15623

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:29

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html - Third Party Advisory
References () https://hackerone.com/reports/508490 - Exploit, Third Party Advisory () https://hackerone.com/reports/508490 - Exploit, Third Party Advisory
References () https://nextcloud.com/security/advisory/?id=NC-SA-2019-016 - Third Party Advisory, Vendor Advisory () https://nextcloud.com/security/advisory/?id=NC-SA-2019-016 - Third Party Advisory, Vendor Advisory

29 Oct 2021, 16:22

Type Values Removed Values Added
CPE cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*
CWE CWE-200 NVD-CWE-noinfo
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html - Mailing List, Third Party Advisory

Information

Published : 2020-02-04 20:15

Updated : 2024-11-21 04:29


NVD link : CVE-2019-15623

Mitre link : CVE-2019-15623

CVE.ORG link : CVE-2019-15623


JSON object : View

Products Affected

nextcloud

  • nextcloud_server

opensuse

  • backports_sle

suse

  • package_hub
CWE
CWE-359

Exposure of Private Personal Information to an Unauthorized Actor

NVD-CWE-noinfo