CVE-2022-24890

Summary

CVE	CVE-2022-24890
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-05-17 19:15:00 UTC
Updated	2022-05-26 15:21:00 UTC
Description	Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There are currently no known workarounds.

Risk And Classification

Problem Types: CWE-276

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Nextcloud	Talk	All	All	All	All
Application	Nextcloud	Talk	14.0.0	beta1	All	All
Application	Nextcloud	Talk	14.0.0	rc1	All	All
Application	Nextcloud	Talk	14.0.0	rc2	All	All
Application	Nextcloud	Talk	14.0.0	rc3	All	All
Application	Nextcloud	Talk	14.0.0	rc4	All	All

References

Reference	Source	Link	Tags
Connection can not be established without camera permission · Issue #7048 · nextcloud/spreed · GitHub	MISC	github.com
[stable23] Fix reconnections on single media permission changes by backportbot-nextcloud[bot] · Pull Request #7092 · nextcloud/spreed · GitHub	MISC	github.com
Fix reconnections on single media permission changes by danxuliu · Pull Request #7034 · nextcloud/spreed · GitHub	MISC	github.com
Moderator can enable cam/mic remotely if cam/mic-permission was disabled while user has activated cam/mic · Advisory · nextcloud/security-advisories · GitHub	CONFIRM	github.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.