4.3

CVE-2023-30540

EPSS 0.49%
Published 17.04.2023 22:15:10
Last modified 21.11.2024 08:00:23
Source security-advisories@github.com
Teams watchlist Login
Open Login

Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it is recommended that users upgrad to 15.0.5. There are no known workarounds for this issue.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Nextcloud ≫ Talk Version >= 15.0.0 < 15.0.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.49%	0.647

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com	3.5	2.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c9hr-cq65-9mjw

Vendor Advisory

https://github.com/nextcloud/spreed/pull/8985

Patch

https://hackerone.com/reports/1894676

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2023-30540

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-30540

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-30540

EUVD