CVE-2019-15620
First published: Tue Feb 04 2020(Updated: )
Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the projects feature.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud talk | <6.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-15620?
CVE-2019-15620 is a vulnerability in Nextcloud Talk 6.0.3 that allows improper access control, leaking the existence and name of private conversations when linked to another shared item via the projects feature.
What is the severity of CVE-2019-15620?
CVE-2019-15620 has a severity level of medium, with a severity value of 2.7.
How does CVE-2019-15620 affect Nextcloud Talk?
CVE-2019-15620 affects Nextcloud Talk version 6.0.3 and earlier, leaking the existence and name of private conversations when linked to another shared item via the projects feature.
What is the recommended fix for CVE-2019-15620?
To fix CVE-2019-15620, it is recommended to update Nextcloud Talk to version 6.0.4 or later.
Where can I find more information about CVE-2019-15620?
You can find more information about CVE-2019-15620 in the following references: [HackerOne report](https://hackerone.com/reports/662218) and [Nextcloud Security Advisory](https://nextcloud.com/security/advisory/?id=NC-SA-2020-011).
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/nextcloud
- canonical/nextcloud talk