Guests can continue to receive video streams from call after being removed from a conversation
Package
Talk
(Nextcloud)
Affected versions
< 12.2.8, < 13.0.10, < 14.0.6, < 15.0.0
Patched versions
12.2.8, 13.0.10, 14.0.6, 15.0.0
Impact
An attacker would be able to see videos on a call in a public conversation after being removed from that conversation, provided that they were removed while being in the call.
Patches
It is recommended that the Nextcloud Talk is upgraded to 12.2.8, 13.0.10, 14.0.6 or 15.0.0
Workarounds
No workaround available
References
For more information
If you have any questions or comments about this advisory: