CVE-2022-41926

Опубликовано: 25 нояб. 2022

Источник: nvd

CVSS3: 3.3

CVSS3: 5.5

EPSS Низкий

Описание

Nextcould talk android is the android OS implementation of the nextcloud talk chat system. In affected versions the receiver is not protected by broadcastPermission allowing malicious apps to monitor communication. It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds for this issue.

Ссылки

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-564v-3rfc-352m
Third Party Advisory
https://github.com/nextcloud/talk-android/pull/2148
Patch
Third Party Advisory
https://hackerone.com/reports/1596459
Permissions Required
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-564v-3rfc-352m
Third Party Advisory
https://github.com/nextcloud/talk-android/pull/2148
Patch
Third Party Advisory
https://hackerone.com/reports/1596459
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:talk:*:*:*:*:*:android:*:*

Версия до 14.1.0 (исключая)

EPSS

Процентиль: 23%

0.00074

Низкий

3.3 Low

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-200

EPSS

Процентиль: 23%

0.00074

Низкий

3.3 Low

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-200