[Bug 1162775] New: VUL-1: CVE-2019-15623: nextcloud: Exposure of Private Information causes the server to send its domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled

http://bugzilla.opensuse.org/show_bug.cgi?id=1162775

Bug ID: 1162775
Summary: VUL-1: CVE-2019-15623: nextcloud: Exposure of Private Information causes the server to send its domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.1
Hardware: Other
URL: https://smash.suse.de/issue/252414/
OS: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Security
Assignee: ecsos@schirra.net
Reporter: rfrohl@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

CVE-2019-15623

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send its domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15623
https://nextcloud.com/security/advisory/?id=NC-SA-2019-016
https://hackerone.com/reports/508490

--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1162775#c1
--- Comment #1 from Robert Frohl
http://bugzilla.opensuse.org/show_bug.cgi?id=1162775#c2
--- Comment #2 from Eric Schirra
http://bugzilla.opensuse.org/show_bug.cgi?id=1162775#c4
--- Comment #4 from Robert Frohl
What does this have to do with Leap? Leap has another branch.
affected software Nextcloud Server < 15.0.9, Leap is 15.0.7
http://bugzilla.opensuse.org/show_bug.cgi?id=1162775#c9
Eric Schirra