http://bugzilla.opensuse.org/show_bug.cgi?id=1162775 Bug ID: 1162775 Summary: VUL-1: CVE-2019-15623: nextcloud: Exposure of Private Information causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other URL: https://smash.suse.de/issue/252414/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: ecsos@schirra.net Reporter: rfrohl@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2019-15623 Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15623 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15623 https://nextcloud.com/security/advisory/?id=NC-SA-2019-016 https://hackerone.com/reports/508490 -- You are receiving this mail because: You are on the CC list for the bug.