Описание
Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application is upgraded to 12.2.7, 13.0.7 or 14.0.3. There are currently no known workarounds available apart from not having password protected conversations.
Ссылки
- Issue TrackingThird Party Advisory
- PatchThird Party Advisory
- PatchRelease NotesThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
- PatchThird Party Advisory
- PatchRelease NotesThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 12.2.7 (исключая)Версия от 13.0.0 (включая) до 13.0.7 (исключая)Версия от 14.0.0 (включая) до 14.0.3 (исключая)
Одно из
cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01094
Низкий
3.5 Low
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-359
CWE-307
EPSS
Процентиль: 78%
0.01094
Низкий
3.5 Low
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-359
CWE-307