CVE-2019-15620Improper Authentication in Talk

CWE-287Improper Authentication4 documents4 sources
Severity
2.7LOWNVD
EPSS
0.2%
top 62.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud TalkNextcloud Talk
Timeline
PublishedFeb 4
Latest updateMay 24

Description

Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the projects feature.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/talk< 6.0.4
CVEListV5nextcloud/nextcloud_talk6.0.4

🔴Vulnerability Details

2
GHSA
GHSA-hfx4-g7m9-jj99: Improper access control in Nextcloud Talk 62022-05-24
CVEList
CVE-2019-15620: Improper access control in Nextcloud Talk 62020-02-04

💬Community

1
Bugzilla
CVE-2019-10901 wireshark: LDSS dissector crash (wnpa-sec-2019-17)2019-04-09
CVE-2019-15620 — Improper Authentication in Talk | cvebase