{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-23T23:12:32.557","vulnerabilities":[{"cve":{"id":"CVE-2019-15611","sourceIdentifier":"support@hackerone.com","published":"2020-02-04T20:15:11.713","lastModified":"2026-06-17T02:20:44.680","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications."},{"lang":"es","value":"Una Violación de los Principios de Diseño Seguro en la Aplicación iOS versión 2.23.0, causa que la aplicación filtre su inicio de sesión y token hacia otros servicios de Nextcloud cuando se lleva a cabo una búsqueda, por ejemplo, para usuarios federados o al registrarse para notificaciones push."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"n/a","product":"Nextcloud iOS","versions":[{"version":"2.23.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-657"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:iphone_os:*:*","versionEndExcluding":"2.24.0","matchCriteriaId":"8C3802A5-75BD-4A73-B224-6576BF0C75C9"}]}]}],"references":[{"url":"https://hackerone.com/reports/672623","source":"support@hackerone.com","tags":["Permissions Required","Third Party Advisory"]},{"url":"https://nextcloud.com/security/advisory/?id=NC-SA-2019-017","source":"support@hackerone.com","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/672623","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Third Party Advisory"]},{"url":"https://nextcloud.com/security/advisory/?id=NC-SA-2019-017","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}