CVE-2019-15611
CVE-2019-15611 is a medium-severity vulnerability in Nextcloud with a CVSS 3.x base score of 4.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-657.
Key facts
- Severity: Medium (CVSS 3.x base score 4.9)
- CVSS v2: 4.0
- EPSS exploit prediction: 1% (61st percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-657
- Affected product: Nextcloud
- Published:
- Last modified:
Description
Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.
Frequently asked questions
- What is CVE-2019-15611?
- Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.
- How severe is CVE-2019-15611?
- CVE-2019-15611 has a CVSS 3.x base score of 4.9, rated medium severity. It is exploitable over network with low attack complexity, requires high privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
- Is CVE-2019-15611 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (61st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2019-15611?
- CVE-2019-15611 affects Nextcloud. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2019-15611?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2019-15611 published?
- CVE-2019-15611 was published on 2020-02-04 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:iphone_os:*:*
More vulnerabilities in Nextcloud
- CVE-2019-5454 — Critical (CVSS 9.8): SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query…
- CVE-2021-43863 — High (CVSS 7.5): The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud…
- CVE-2023-28999 — Medium (CVSS 6.9): Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app…
- CVE-2019-5455 — Medium (CVSS 6.8): Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process.
- CVE-2019-5450 — Medium (CVSS 6.8): Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style…
- CVE-2021-22912 — Medium (CVSS 6.5): Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the…
All CVEs affecting Nextcloud →
Other CWE-657 vulnerabilities
- CVE-2026-39888 — Critical (CVSS 9.9): PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools…
- CVE-2023-29320 — High (CVSS 7.8): Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Violation of…
- CVE-2019-0061 — High (CVSS 7.8): The management daemon (MGD) is responsible for all configuration and management operations in Junos OS. The Junos CLI…
- CVE-2023-52714 — High (CVSS 7.5): Vulnerability of defects introduced in the design process in the hwnff module. Impact: Successful exploitation of this…
- CVE-2021-28583 — High (CVSS 7.5): Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of…
- CVE-2022-28244 — Medium (CVSS 6.3): Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is…