CVE-2019-15611

EUVD-2019-6568
Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Common Weakness Enumeration
References
https://hackerone.com/reports/672623
https://nextcloud.com/security/advisory/?id=NC-SA-2019-017
https://hackerone.com/reports/672623
https://nextcloud.com/security/advisory/?id=NC-SA-2019-017