CVE-2019-5449 — Improper Authentication in Server

CWE-287 — Improper Authentication CWE-862 — Missing Authorization3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 46.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Server

Timeline

PublishedJul 30

Latest updateMay 24

Description

A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDnextcloud/nextcloud_server< 15.0.1

▶CVEListV5nextcloud/nextcloud_server15.0.1

🔴Vulnerability Details

GHSA

GHSA-fw6c-8m99-2qjj: A missing check in the Nextcloud Server prior to version 15↗2022-05-24

▶

CVEList

CVE-2019-5449: A missing check in the Nextcloud Server prior to version 15↗2019-07-30

▶