← Voltar para CVEs
CVE-2023-30540
LOW3.5
Descricao
Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it is recommended that users upgrad to 15.0.5. There are no known workarounds for this issue.
Detalhes CVE
Pontuacao CVSS v3.13.5
SeveridadeLOW
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioREQUIRED
Publicado4/17/2023
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
nextcloud:talk
Fraquezas (CWE)
CWE-200
Referencias
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c9hr-cq65-9mjw(security-advisories@github.com)
https://github.com/nextcloud/spreed/pull/8985(security-advisories@github.com)
https://hackerone.com/reports/1894676(security-advisories@github.com)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c9hr-cq65-9mjw(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/spreed/pull/8985(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1894676(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.