Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-41926

Nextcould talk android is the android OS implementation of the nextcloud talk chat system. In affected versions the receiver is not protected by broadcastPermission allowing malicious apps to monitor communication. It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds for this issue.

Published

2022-11-25T19:15:11.940

Last Modified

2024-11-21T07:24:05.067

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

Weaknesses

Type: Primary
CWE-200
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	talk	< 14.1.0	Yes

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-564v-3rfc-352m Third Party Advisory ([email protected])
https://github.com/nextcloud/talk-android/pull/2148 Patch, Third Party Advisory ([email protected])
https://hackerone.com/reports/1596459 Permissions Required, Third Party Advisory ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-564v-3rfc-352m Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/talk-android/pull/2148 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1596459 Permissions Required, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)