Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-35932

Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application is upgraded to 12.2.7, 13.0.7 or 14.0.3. There are currently no known workarounds available apart from not having password protected conversations.

Published

2022-08-12T16:15:08.977

Last Modified

2024-11-21T07:11:59.510

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.5 (LOW)

Weaknesses

Type: Secondary
CWE-359
Type: Primary
CWE-307

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	talk	< 12.2.7	Yes
Application	nextcloud	talk	< 13.0.7	Yes
Application	nextcloud	talk	< 14.0.3	Yes

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pf36-jvpv-4hwq Issue Tracking, Third Party Advisory ([email protected])
https://github.com/nextcloud/spreed/commit/04300bbed0e87ff3420b5d752bbc48e2c15f35e9 Patch, Third Party Advisory ([email protected])
https://github.com/nextcloud/spreed/commit/10341b9fe59a44ae0d139c072abd6b5026f33771 Patch, Release Notes, Third Party Advisory ([email protected])
https://github.com/nextcloud/spreed/commit/f5ac73940f9f683b11e518d1c54150bf50dab9be Patch, Third Party Advisory ([email protected])
https://github.com/nextcloud/spreed/pull/7504 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://github.com/nextcloud/spreed/pull/7535 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://github.com/nextcloud/spreed/pull/7536 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://github.com/nextcloud/spreed/pull/7537 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://hackerone.com/reports/1596673 Issue Tracking, Third Party Advisory ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pf36-jvpv-4hwq Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/spreed/commit/04300bbed0e87ff3420b5d752bbc48e2c15f35e9 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/spreed/commit/10341b9fe59a44ae0d139c072abd6b5026f33771 Patch, Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/spreed/commit/f5ac73940f9f683b11e518d1c54150bf50dab9be Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/spreed/pull/7504 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/spreed/pull/7535 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/spreed/pull/7536 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/spreed/pull/7537 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1596673 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)