Описание
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.
Ссылки
- Mailing ListThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party AdvisoryVendor Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party AdvisoryVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 14.0.13 (исключая)Версия от 15.0.0 (включая) до 15.0.9 (исключая)Версия от 16.0.0 (включая) до 16.0.2 (исключая)
Одно из
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00322
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-359
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.3
debian
больше 5 лет назад
Exposure of Private Information in Nextcloud Server 16.0.1 causes the ...
github
около 3 лет назад
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.
EPSS
Процентиль: 55%
0.00322
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-359
NVD-CWE-noinfo