PT-2020-9734 · Nextcloud · Nextcloud iOS App
Published: 2020-02-04 · Updated: 2020-02-11
CVE-2019-15611
CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Nextcloud iOS App version 2.23.0
Description
A violation of secure design principles causes the app to leak its login and token to other Nextcloud services. The leak occurs during specific actions, such as searching for federated users or registering for push notifications.
Recommendations
If you run Nextcloud iOS App version 2.23.0, update to a newer version that addresses the secure design principles violation to prevent login and token leakage.
Affected Products
Nextcloud iOS App