Vulnerability Details CVE-2019-15611
Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.3%
CVSS Severity
CVSS v3 Score 4.9
CVSS v2 Score 4.0
References
Products affected by CVE-2019-15611
-
cpe:2.3:a:nextcloud:nextcloud:-
-
cpe:2.3:a:nextcloud:nextcloud:2.22.4
-
cpe:2.3:a:nextcloud:nextcloud:2.22.5
-
cpe:2.3:a:nextcloud:nextcloud:2.22.6
-
cpe:2.3:a:nextcloud:nextcloud:2.22.7
-
cpe:2.3:a:nextcloud:nextcloud:2.22.8
-
cpe:2.3:a:nextcloud:nextcloud:2.22.9
-
cpe:2.3:a:nextcloud:nextcloud:2.23.0
-
cpe:2.3:a:nextcloud:nextcloud:2.23.1
-
cpe:2.3:a:nextcloud:nextcloud:2.23.2
-
cpe:2.3:a:nextcloud:nextcloud:2.23.3
-
cpe:2.3:a:nextcloud:nextcloud:2.23.4
-
cpe:2.3:a:nextcloud:nextcloud:2.23.5
-
cpe:2.3:a:nextcloud:nextcloud:2.23.6
-
cpe:2.3:a:nextcloud:nextcloud:2.23.7
-
cpe:2.3:a:nextcloud:nextcloud:2.23.8