Skip to content

Talk app did allow access to sensitive chat messages on lockscreen

Low
nickvergessen published GHSA-497c-c8hx-6qcf Mar 8, 2022

Package

Android Talk Client (Nextcloud)

Affected versions

< 12.3.0

Patched versions

12.3.0

Description

Impact

The Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone call the attacker could gain access to the chat messages and files of the user.

Patches

It is recommended that the Nextcloud Android Talk App is upgraded to 12.3.0.

Workarounds

None.

References

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2021-41181

Weaknesses

Credits