5.3

CVE-2022-39212

Last video frame is still sent after video is disabled in a call in Nextcloud Talk

Last video frame is still sent after video is disabled in a call

Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform. In affected versions an attacker could see the last video frame of any participant who has video disabled but a camera selected. It is recommended that the Nextcloud Talk app is upgraded to 13.0.8 or 14.0.4. Users unable to upgrade should select "None" as camera before joining the call.
Mögliche Gegenmaßnahme
Talk: Select "None" as camera before joining the call.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NextcloudTalk Version < 13.0.8
NextcloudTalk Version >= 14.0.0 < 14.0.4
Weitere Schwachstelleninformationen
SystemNextcloud App
Produkt Talk
Version >= 0.0.0, < 13.0.8
Version >= 14.0.0, < 14.0.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.465
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.