Information Leakage in Nextcloud Server 16.0.1: Sending Domain and User IDs to Disabled Lookup Server

Information Leakage in Nextcloud Server 16.0.1: Sending Domain and User IDs to Disabled Lookup Server

CVE-2019-15623 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.

Learn more about our Cis Benchmark Audit For Server Software.