Description

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.

Related CPE's

a

nextcloud

nextcloud_server

3

a

opensuse

backports_sle

15.0

sp1

Vulnerable

a

suse

package_hub

-

Vulnerable

References

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html

Third Party Advisory

https://hackerone.com/reports/508490

ExploitThird Party Advisory

https://nextcloud.com/security/advisory/?id=NC-SA-2019-016

Third Party AdvisoryVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html

Third Party Advisory

https://hackerone.com/reports/508490

ExploitThird Party Advisory

https://nextcloud.com/security/advisory/?id=NC-SA-2019-016

Third Party AdvisoryVendor Advisory

Weaknesses

[email protected]

Secondary
CWE-359

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2020-02-04T19:15:12.667Z

6 years ago

Last modified

2024-11-21T03:29:09.080Z

1 year ago