← Retour aux CVEs
CVE-2023-30540
LOW3.5
Description
Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it is recommended that users upgrad to 15.0.5. There are no known workarounds for this issue.
Details CVE
Score CVSS v3.13.5
SeveriteLOW
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurREQUIRED
Publie4/17/2023
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
nextcloud:talk
Faiblesses (CWE)
CWE-200
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c9hr-cq65-9mjw(security-advisories@github.com)
https://github.com/nextcloud/spreed/pull/8985(security-advisories@github.com)
https://hackerone.com/reports/1894676(security-advisories@github.com)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c9hr-cq65-9mjw(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/spreed/pull/8985(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1894676(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.