Information Leakage in Nextcloud Server 16.0.1: Sending Domain and User IDs to Disabled Lookup Server
CVE-2019-15623 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.
Learn more about our Cis Benchmark Audit For Server Software.