{"id":"CVE-2019-15610","details":"Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle.","modified":"2026-04-11T21:07:47.992548Z","published":"2020-02-04T20:15:11.650Z","references":[{"type":"ADVISORY","url":"https://nextcloud.com/security/advisory/?id=NC-SA-2019-013"},{"type":"REPORT","url":"https://hackerone.com/reports/673724"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nextcloud/circles","events":[{"introduced":"0"},{"fixed":"954e7e1f300f9fcd169a72f7cca33179483d0344"},{"introduced":"87018166384657acd05a5b35827f47a35eb34e12"},{"fixed":"fe1ee6a819008ecb7ee12c4db51c306b59f9cf4b"}],"database_specific":{"cpe":"cpe:2.3:a:nextcloud:circles:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"0.16.11"},{"introduced":"0.16.12"},{"fixed":"0.17.8"}]}}],"versions":["0.14.1","v0.10.0","v0.12.1","v0.12.2","v0.12.3","v0.12.4","v0.13.0","v0.13.1","v0.13.2","v0.13.3","v0.13.4","v0.13.5","v0.13.6","v0.14.0","v0.14.2","v0.15.0","v0.15.1","v0.16.0","v0.16.1","v0.16.10","v0.16.2","v0.16.3","v0.16.4","v0.16.5","v0.16.6","v0.16.7","v0.16.8","v0.16.9","v0.17.0","v0.17.1","v0.17.2","v0.17.3","v0.17.4","v0.17.5","v0.17.6","v0.17.7","v0.9.4","v0.9.5","v0.9.6"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15610.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}