Improper Access Control in Nextcloud Talk 6.0.3: Leakage of Private Conversation Existence and Names via Projects Feature

Improper Access Control in Nextcloud Talk 6.0.3: Leakage of Private Conversation Existence and Names via Projects Feature

CVE-2019-15620 · LOW Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the projects feature.

Learn more about our Cloud Audit.