nextcloud nextcloud-server CVE-2019-15623 vulnerability in Nextcloud and Other Products
Published on February 4, 2020

product logo product logo product logo
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.

Vendor Advisory Vendor Advisory NVD

Weakness Type

What is a Privacy violation Vulnerability?

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

CVE-2019-15623 has been classified to as a Privacy violation vulnerability or weakness.


Products Associated with CVE-2019-15623

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-15623 are published in these products:

Nextcloud Server
 
OpenSuse Backports Sle
 
Suse Package Hub
 

Exploit Probability

EPSS
0.32%
Percentile
54.86%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.