6.1
CVE-2022-24887
- EPSS 0.23%
- Veröffentlicht 27.04.2022 14:15:09
- Zuletzt bearbeitet 21.11.2024 06:51:19
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginOpen Redirect in Nextcloud Talk
When sharing a Deck card in conversation the metaData can be manipulated to open arbitrary URL
Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds.
Mögliche Gegenmaßnahme
Talk: No workaround available
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Weitere Schwachstelleninformationen
SystemNextcloud App
≫
Produkt
Talk
Version
>= 0.0.0, < 11.3.4
Version
>= 12.2.0, < 12.2.2
Version
>= 13.0.0, < 13.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.456 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
| security-advisories@github.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.