← Back to CVEs
CVE-2023-30540
LOW3.5
Description
Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it is recommended that users upgrad to 15.0.5. There are no known workarounds for this issue.
CVE Details
CVSS v3.1 Score3.5
SeverityLOW
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionREQUIRED
Published4/17/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
nextcloud:talk
Weaknesses (CWE)
CWE-200
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c9hr-cq65-9mjw(security-advisories@github.com)
https://github.com/nextcloud/spreed/pull/8985(security-advisories@github.com)
https://hackerone.com/reports/1894676(security-advisories@github.com)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c9hr-cq65-9mjw(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/spreed/pull/8985(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1894676(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.