Guests can continue to receive video streams from call after being removed from a conversation

Moderate
nickvergessen published GHSA-wx6w-xpg9-6fv4 Dec 1, 2022

Package

Talk (Nextcloud)

Affected versions

< 12.2.8, < 13.0.10, < 14.0.6, < 15.0.0

Patched versions

12.2.8, 13.0.10, 14.0.6, 15.0.0

Description

Impact

An attacker would be able to see videos on a call in a public conversation after being removed from that conversation, provided that they were removed while being in the call.

Patches

It is recommended that Nextcloud Talk is upgraded to 12.2.8, 13.0.10, 14.0.6 or 15.0.0.
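
The following Python check, added here and not part of the advisory or of Nextcloud's code, classifies an installed Talk version against the patched releases listed above. It assumes the affected ranges apply per major release branch and that pre-release tags use a hyphen suffix such as 15.0.0-rc.1; the function names and sample versions are constructed for illustration.

```python
import re

# Patched releases from the advisory, keyed by major release branch.
PATCHED = {12: (12, 2, 8), 13: (13, 0, 10), 14: (14, 0, 6), 15: (15, 0, 0)}

# Assumed version format: optional "v", three numeric parts, optional "-suffix".
_VERSION = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?")


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) for e.g. '14.0.5' or '15.0.0-rc.1'."""
    match = _VERSION.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = tuple(int(part) for part in match.group(1, 2, 3))
    return numbers, match.group(4) is not None


def check_talk_version(text):
    """Return (affected, first_fixed_release) for an installed Talk version."""
    numbers, prerelease = parse_version(text)
    major = numbers[0]
    if major > max(PATCHED):
        return False, None  # released after every fix named in the advisory
    # Branches older than 12 have no fix listed, so the oldest patched release applies.
    fixed = PATCHED.get(major, PATCHED[min(PATCHED)])
    # A pre-release of the fixed version (e.g. 15.0.0-rc.1) sorts before it.
    affected = numbers < fixed or (numbers == fixed and prerelease)
    return affected, (".".join(map(str, fixed)) if affected else None)


if __name__ == "__main__":
    # Constructed sample inventory of installed Talk versions.
    for installed in ["11.3.6", "12.2.8", "13.0.9", "14.0.5", "15.0.0-rc.1", "15.0.0"]:
        affected, fixed = check_talk_version(installed)
        status = f"AFFECTED, upgrade to {fixed} or later" if affected else "patched"
        print(f"{installed:>12}  {status}")
```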

Workarounds

No workaround available

References

For more information

If you have any questions or comments about this advisory:

Severity

Moderate 4.8 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: High
Privileges required: Low
User interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

CVE ID

CVE-2022-41971

Weaknesses

Credits