CVE-2023-22473
Summary
| CVE | CVE-2023-22473 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-01-09 15:15:00 UTC |
| Updated | 2023-11-07 04:06:00 UTC |
| Description | Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2. |
Risk And Classification
Problem Types: CWE-284
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Passcode bypass on Talk Android app · Advisory · nextcloud/security-advisories · GitHub | MISC | github.com | |
| HackerOne | MISC | hackerone.com | |
| Bugfix/open notification by mahibi · Pull Request #2598 · nextcloud/talk-android · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 630858 Nextcloud Talk For Android Improper Access Control Vulnerability