Описание
Nextcould Talk android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public conversation after being removed from that conversation, provided that they were removed while being in the call. Versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0 contain patches for the issue. No known workarounds are available.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Permissions RequiredThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 12.0.0 (включая) до 12.2.8 (исключая)Версия от 13.0.0 (включая) до 13.0.10 (исключая)Версия от 14.0.0 (включая) до 14.0.6 (исключая)
Одно из
cpe:2.3:a:nextcloud:nextcloud_talk:*:*:*:*:*:android:*:*
cpe:2.3:a:nextcloud:nextcloud_talk:*:*:*:*:*:android:*:*
cpe:2.3:a:nextcloud:nextcloud_talk:*:*:*:*:*:android:*:*
EPSS
Процентиль: 54%
0.0031
Низкий
4.8 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-200
CWE-668
EPSS
Процентиль: 54%
0.0031
Низкий
4.8 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-200
CWE-668