2.1

CVE-2023-22473

Exploit

Passcode bypass on Talk-Android app

Passcode bypass on Talk Android app

Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2. 
Mögliche Gegenmaßnahme
Talk Android: No workaround available
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NextcloudTalk SwPlatformandroid Version < 15.0.2
Weitere Schwachstelleninformationen
SystemNextcloud App
Produkt Talk Android
Version < 15.0.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.56% 0.421
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 0.7 1.4
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
security-advisories@github.com 2.1 0.7 1.4
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wvr4-gc4c-6vmx
Third Party Advisory
https://github.com/nextcloud/talk-android/pull/2598
Patch
Third Party Advisory
https://hackerone.com/reports/1784645
Third Party Advisory
Exploit
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wvr4-gc4c-6vmx
Third Party Advisory