Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There are currently no known workarounds.
References
Link | Resource |
---|---|
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vxpr-hcqq-7fw7 | Third Party Advisory |
https://github.com/nextcloud/spreed/issues/7048 | Exploit Issue Tracking Third Party Advisory |
https://github.com/nextcloud/spreed/pull/7034 | Exploit Third Party Advisory |
https://github.com/nextcloud/spreed/pull/7092 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
26 May 2022, 15:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:nextcloud:talk:14.0.0:rc3:*:*:*:*:*:* cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:* cpe:2.3:a:nextcloud:talk:14.0.0:rc2:*:*:*:*:*:* cpe:2.3:a:nextcloud:talk:14.0.0:rc4:*:*:*:*:*:* cpe:2.3:a:nextcloud:talk:14.0.0:rc1:*:*:*:*:*:* cpe:2.3:a:nextcloud:talk:14.0.0:beta1:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 4.3 |
CWE | CWE-200 |
CWE-276 |
First Time |
Nextcloud talk
Nextcloud |
|
References | (MISC) https://github.com/nextcloud/spreed/issues/7048 - Exploit, Issue Tracking, Third Party Advisory | |
References | (CONFIRM) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vxpr-hcqq-7fw7 - Third Party Advisory | |
References | (MISC) https://github.com/nextcloud/spreed/pull/7092 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/nextcloud/spreed/pull/7034 - Exploit, Third Party Advisory |
17 May 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-17 19:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-24890
Mitre link : CVE-2022-24890
CVE.ORG link : CVE-2022-24890
JSON object : View
Products Affected
nextcloud
- talk