{"api_version":"1","generated_at":"2026-05-06T00:37:45+00:00","cve":"CVE-2023-22473","urls":{"html":"https://cve.report/CVE-2023-22473","api":"https://cve.report/api/cve/CVE-2023-22473.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-22473","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-22473"},"summary":{"title":"CVE-2023-22473","description":"Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2.","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2023-01-09 15:15:00","updated_at":"2023-11-07 04:06:00"},"problem_types":["CWE-284"],"metrics":[],"references":[{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wvr4-gc4c-6vmx","name":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wvr4-gc4c-6vmx","refsource":"MISC","tags":[],"title":"Passcode bypass on Talk Android app · Advisory · nextcloud/security-advisories · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://hackerone.com/reports/1784645","name":"https://hackerone.com/reports/1784645","refsource":"MISC","tags":[],"title":"HackerOne","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/nextcloud/talk-android/pull/2598","name":"https://github.com/nextcloud/talk-android/pull/2598","refsource":"MISC","tags":[],"title":"Bugfix/open notification by mahibi · Pull Request #2598 · nextcloud/talk-android · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"503"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-22473","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22473","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"22473","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"nextcloud","cpe5":"talk","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"android","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-22473","qid":"630858","title":"Nextcloud Talk For Android Improper Access Control Vulnerability"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-22473","ASSIGNER":"security-advisories@github.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-284: Improper Access Control","cweId":"CWE-284"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"nextcloud","product":{"product_data":[{"product_name":"security-advisories","version":{"version_data":[{"version_value":"< 15.0.2","version_affected":"="}]}}]}}]}},"references":{"reference_data":[{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wvr4-gc4c-6vmx","refsource":"MISC","name":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wvr4-gc4c-6vmx"},{"url":"https://github.com/nextcloud/talk-android/pull/2598","refsource":"MISC","name":"https://github.com/nextcloud/talk-android/pull/2598"},{"url":"https://hackerone.com/reports/1784645","refsource":"MISC","name":"https://hackerone.com/reports/1784645"}]},"source":{"advisory":"GHSA-wvr4-gc4c-6vmx","discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"PHYSICAL","availabilityImpact":"NONE","baseScore":2.1,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2023-01-09 15:15:00","lastModifiedDate":"2023-11-07 04:06:00","problem_types":["CWE-284"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1,"baseSeverity":"LOW"},"exploitabilityScore":0.7,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:nextcloud:talk:*:*:*:*:*:android:*:*","versionEndExcluding":"15.0.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}