CVE-2019-15623

Exploit

EPSS 0.32%
Veröffentlicht 04.02.2020 20:15:12
Zuletzt bearbeitet 21.11.2024 04:29:09
Quelle support@hackerone.com
Teams Watchlist Login
Unerledigt Login

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nextcloud ≫ Nextcloud Server Version < 14.0.13

Nextcloud ≫ Nextcloud Server Version >= 15.0.0 < 15.0.9

Nextcloud ≫ Nextcloud Server Version >= 16.0.0 < 16.0.2

Opensuse ≫ Backports Sle Version15.0 Updatesp1

Suse ≫ Package Hub Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.547

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html

Third Party Advisory

https://hackerone.com/reports/508490

Third Party Advisory

Exploit

https://nextcloud.com/security/advisory/?id=NC-SA-2019-016

Third Party Advisory

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-15623

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-15623

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-15623

EUVD