CVE-2019-15611
First published: Tue Feb 04 2020(Updated: )
Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud Nextcloud | <2.24.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-15611?
CVE-2019-15611 is a vulnerability in the iOS App version 2.23.0 of Nextcloud that causes the app to leak its login and token to other Nextcloud services when performing certain actions.
How does the iOS App 2.23.0 leak login and token?
The iOS App 2.23.0 of Nextcloud leaks login and token to other Nextcloud services when searching for federated users or registering for push notifications.
What is the severity of CVE-2019-15611?
CVE-2019-15611 has a severity level of medium with a CVSS score of 4.9.
How can I fix CVE-2019-15611?
To fix CVE-2019-15611, update the Nextcloud iOS App to version 2.24.0 or higher.
Where can I find more information about CVE-2019-15611?
More information about CVE-2019-15611 can be found in the following references: [HackerOne](https://hackerone.com/reports/672623) and [Nextcloud Security Advisory](https://nextcloud.com/security/advisory/?id=NC-SA-2019-017).
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/nextcloud
- canonical/nextcloud nextcloud