2.1
CVE-2023-22473
- EPSS 0.09%
- Veröffentlicht 09.01.2023 15:15:11
- Zuletzt bearbeitet 21.11.2024 07:44:52
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginPasscode bypass on Talk-Android app
Passcode bypass on Talk Android app
Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2.
Mögliche Gegenmaßnahme
Talk Android: No workaround available
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.249 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.1 | 0.7 | 1.4 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
|
| security-advisories@github.com | 2.1 | 0.7 | 1.4 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.