Skip to content

Geolocation preview links can be set to arbitrary links

Low
nickvergessen published GHSA-4fxr-mrw2-cq92 Mar 8, 2022

Package

Talk (Nextcloud)

Affected versions

< 12.1.2

Patched versions

12.1.2

Description

Impact

An attacker is able to control the link of a geolocation preview in the Nextcloud Talk application. This could result in an open-redirect, but required user interaction. This only affected users of the Android Talk client.

Patches

It is recommended that the Nextcloud Talk App is upgraded to 12.1.2.

Workarounds

None.

References

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2021-41180

Weaknesses

Credits