What the vulnerability does

01Description

Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.

Key dates

02Disclosure timeline

February 4, 2020 CVE published
August 5, 2024 Record updated