← Volver a CVEs
CVE-2023-30540
LOW3.5
Descripcion
Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it is recommended that users upgrad to 15.0.5. There are no known workarounds for this issue.
Detalles CVE
Puntuacion CVSS v3.13.5
SeveridadLOW
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado4/17/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
nextcloud:talk
Debilidades (CWE)
CWE-200
Referencias
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c9hr-cq65-9mjw(security-advisories@github.com)
https://github.com/nextcloud/spreed/pull/8985(security-advisories@github.com)
https://hackerone.com/reports/1894676(security-advisories@github.com)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c9hr-cq65-9mjw(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/spreed/pull/8985(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1894676(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.