CVE-2023-30540

Опубликовано: 17 апр. 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 4.3

EPSS Низкий

Описание

Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it is recommended that users upgrad to 15.0.5. There are no known workarounds for this issue.

Ссылки

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c9hr-cq65-9mjw
Vendor Advisory
https://github.com/nextcloud/spreed/pull/8985
Patch
https://hackerone.com/reports/1894676
Permissions Required
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c9hr-cq65-9mjw
Vendor Advisory
https://github.com/nextcloud/spreed/pull/8985
Patch
https://hackerone.com/reports/1894676
Permissions Required

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*

Версия от 15.0.0 (включая) до 15.0.5 (исключая)

EPSS

Процентиль: 74%

0.00801

Низкий

3.5 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo

EPSS

Процентиль: 74%

0.00801

Низкий

3.5 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo