Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-30540

Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it is recommended that users upgrad to 15.0.5. There are no known workarounds for this issue.

Published

2023-04-17T22:15:10.277

Last Modified

2024-11-21T08:00:23.083

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.5 (LOW)

Weaknesses

Type: Secondary
CWE-200
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	talk	< 15.0.5	Yes

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c9hr-cq65-9mjw Vendor Advisory ([email protected])
https://github.com/nextcloud/spreed/pull/8985 Patch ([email protected])
https://hackerone.com/reports/1894676 Permissions Required ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c9hr-cq65-9mjw Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/spreed/pull/8985 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1894676 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)