Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.
References
Link | Resource |
---|---|
https://hackerone.com/reports/672623 | Permissions Required Third Party Advisory |
https://nextcloud.com/security/advisory/?id=NC-SA-2019-017 | Vendor Advisory |
https://hackerone.com/reports/672623 | Permissions Required Third Party Advisory |
https://nextcloud.com/security/advisory/?id=NC-SA-2019-017 | Vendor Advisory |
Configurations
History
21 Nov 2024, 04:29
Type | Values Removed | Values Added |
---|---|---|
References | () https://hackerone.com/reports/672623 - Permissions Required, Third Party Advisory | |
References | () https://nextcloud.com/security/advisory/?id=NC-SA-2019-017 - Vendor Advisory |
Information
Published : 2020-02-04 20:15
Updated : 2024-11-21 04:29
NVD link : CVE-2019-15611
Mitre link : CVE-2019-15611
CVE.ORG link : CVE-2019-15611
JSON object : View
Products Affected
nextcloud
- nextcloud
CWE