Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-39957

Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intend allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android version 17.0.0 has a patch for this issue. No known workarounds are available.

Published

2023-08-10T16:15:09.797

Last Modified

2024-11-21T08:16:06.943

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	talk	< 17.0.0	Yes
Application	nextcloud	talk	17.0.0	Yes
Application	nextcloud	talk	17.0.0	Yes
Application	nextcloud	talk	17.0.0	Yes

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-36f7-93f3-mcfj Patch, Vendor Advisory ([email protected])
https://github.com/nextcloud/talk-android/pull/3064 Patch ([email protected])
https://hackerone.com/reports/1997029 Issue Tracking, Third Party Advisory ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-36f7-93f3-mcfj Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/talk-android/pull/3064 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1997029 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)