CVE-2023-22473

Опубликовано: 09 янв. 2023

Источник: nvd

CVSS3: 2.1

EPSS Низкий

Описание

Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2.

Ссылки

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wvr4-gc4c-6vmx
Third Party Advisory
https://github.com/nextcloud/talk-android/pull/2598
Patch
Third Party Advisory
https://hackerone.com/reports/1784645
Exploit
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wvr4-gc4c-6vmx
Third Party Advisory
https://github.com/nextcloud/talk-android/pull/2598
Patch
Third Party Advisory
https://hackerone.com/reports/1784645
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:talk:*:*:*:*:*:android:*:*

Версия до 15.0.2 (исключая)

EPSS

Процентиль: 25%

0.00087

Низкий

2.1 Low

CVSS3

Дефекты

CWE-284