Vulnerability Description
Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform. In affected versions an attacker could see the last video frame of any participant who has video disabled but a camera selected. It is recommended that the Nextcloud Talk app is upgraded to 13.0.8 or 14.0.4. Users unable to upgrade should select "None" as camera before joining the call.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Talk | < 13.0.8 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wq3g-2Third Party Advisory
- https://github.com/nextcloud/spreed/pull/7673PatchThird Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wq3g-2Third Party Advisory
- https://github.com/nextcloud/spreed/pull/7673PatchThird Party Advisory
FAQ
What is CVE-2022-39212?
CVE-2022-39212 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform. In affected versions an attacker could see the last video frame of any participant who has video disabled ...
How severe is CVE-2022-39212?
CVE-2022-39212 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-39212?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Talk.