CVE-2023-39957

Опубликовано: 10 авг. 2023

Источник: nvd

CVSS3: 7.2

CVSS3: 7.8

EPSS Низкий

Описание

Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intend allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android version 17.0.0 has a patch for this issue. No known workarounds are available.

Ссылки

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-36f7-93f3-mcfj
Patch
Vendor Advisory
https://github.com/nextcloud/talk-android/pull/3064
Patch
https://hackerone.com/reports/1997029
Issue Tracking
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-36f7-93f3-mcfj
Patch
Vendor Advisory
https://github.com/nextcloud/talk-android/pull/3064
Patch
https://hackerone.com/reports/1997029
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nextcloud:talk:*:*:*:*:*:android:*:*

Версия до 17.0.0 (исключая)

cpe:2.3:a:nextcloud:talk:17.0.0:rc1:*:*:*:android:*:*

cpe:2.3:a:nextcloud:talk:17.0.0:rc2:*:*:*:android:*:*

cpe:2.3:a:nextcloud:talk:17.0.0:rc3:*:*:*:android:*:*

EPSS

Процентиль: 59%

0.00374

Низкий

7.2 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-22

EPSS

Процентиль: 59%

0.00374

Низкий

7.2 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-22