Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-26041

Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that the Nextcloud Talk is upgraded to 15.0.3. There are no workaround available.

Published

2023-02-27T21:15:12.013

Last Modified

2024-11-21T07:50:38.597

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 2.6 (LOW)

Weaknesses

Type: Secondary
CWE-359
Type: Primary
CWE-668

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	nextcloud_talk	< 15.0.3	Yes

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j53p-r755-v4jf Vendor Advisory ([email protected])
https://github.com/nextcloud/spreed/pull/8515 Patch ([email protected])
https://hackerone.com/reports/1784310 Exploit, Third Party Advisory ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j53p-r755-v4jf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/spreed/pull/8515 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1784310 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)