VDB
CVE-2019-15623
PUBLISHED
CVSS 5.3 MEDIUM
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send its domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.
EPSS 0.32% · 55.6th percentile
Risk Scores
CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.32%
55.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | Nextcloud Server | 16.0.1 |
| nextcloud | nextcloud_server | 15.0.0, 16.0.0, 0 |
| opensuse | backports_sle | 15.0 |
| suse | package_hub | |
Exploit Intelligence
- https://hackerone.com/reports/508490 (nist-nvd)
- Nextcloud domain and name of every user leaked to lookup server (hackerone)
- https://nextcloud.com/security/advisory/?id=NC-SA-2019-016 (circl)
- openSUSE-SU-2020:0220 (circl)
- openSUSE-SU-2020:0229 (circl)
Timeline
- CVE Published
- Nov 26, 2019 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
References
- https://hackerone.com/reports/508490 url
- https://nextcloud.com/security/advisory/?id=NC-SA-2019-016 url
- openSUSE-SU-2020:0220 vendor-advisory
- openSUSE-SU-2020:0229 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-15623 advisory