Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-41181

Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone call the attacker could gain access to the chat messages and files of the user. It is recommended that the Nextcloud Android Talk App is upgraded to 12.3.0. There are no known workarounds.

Published

2022-03-08T18:15:07.807

Last Modified

2024-11-21T06:25:41.520

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 2.4 (LOW)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-200
Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	talk	< 12.3.0	Yes

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-497c-c8hx-6qcf Third Party Advisory ([email protected])
https://github.com/nextcloud/talk-android/pull/1585 Patch, Third Party Advisory ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-497c-c8hx-6qcf Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/talk-android/pull/1585 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)