What the vulnerability does

01Description

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.

Key dates

02Disclosure timeline

February 4, 2020 CVE published
August 5, 2024 Record updated