CVE-2019-15611

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-15611
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15611.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-15611
Published
2020-02-04T20:15:11.713Z
Modified
2026-04-10T04:12:35.511055Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.

References

Affected packages

Git / github.com/nextcloud/ios

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/ios
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
39017bc790c29222ed1a151b9871ad747cb270d0
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.24.0"
        }
    ]
}

Affected versions

2.*
2.17
2.17.2
2.17.7
2.17.8
2.18.1
2.19.3
2.20.1
2.21.0
2.22.1
2.22.5
2.22.6
2.23.7
v2.*
v2.23.8

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15611.json"