Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-45149

Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is recommended that the Nextcloud Talk app is upgraded to 15.0.8, 16.0.6 or 17.1.1. There are no known workarounds for this vulnerability.

Published

2023-10-16T20:15:15.287

Last Modified

2024-11-21T08:26:26.890

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-307

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	talk	< 15.0.8	Yes
Application	nextcloud	talk	< 16.0.6	Yes
Application	nextcloud	talk	< 17.1.1	Yes

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7rf8-pqmj-rpqv Vendor Advisory ([email protected])
https://github.com/nextcloud/spreed/pull/10545 Issue Tracking, Patch ([email protected])
https://hackerone.com/reports/2094473 Permissions Required ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7rf8-pqmj-rpqv Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/spreed/pull/10545 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/2094473 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)