Description
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send its domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup Server is disabled.
Related CPEs
a
nextcloud
nextcloud_server
3
Vulnerable
Vulnerable
References
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html
Mailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html
Third Party Advisory
https://hackerone.com/reports/508490
Exploit, Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2019-016
Third Party Advisory, Vendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 · Medium
CVSS V3.1
Information
Source identifier
Vulnerability status
Analyzed
Published
2020-02-04T20:15:12.667
5 years ago
Last modified
2021-10-29T16:22:59.887
3 years ago