Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2019-5449 |
CWE-ID | CWE-200 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Nextcloud Server Client/Desktop applications / Messaging software |
Vendor | Nextcloud |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU30977
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-5449
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to gain access to sensitive information.
A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events.
MitigationInstall update from vendor's website.
Vulnerable software versionsNextcloud Server: 15.0.0
CPE2.3 External linkshttp://hackerone.com/reports/476615
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.