Vulnerability Description
Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Talk | < 15.0.2 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wvr4-gThird Party Advisory
- https://github.com/nextcloud/talk-android/pull/2598PatchThird Party Advisory
- https://hackerone.com/reports/1784645ExploitThird Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wvr4-gThird Party Advisory
- https://github.com/nextcloud/talk-android/pull/2598PatchThird Party Advisory
- https://hackerone.com/reports/1784645ExploitThird Party Advisory
FAQ
What is CVE-2023-22473?
CVE-2023-22473 is a vulnerability with a CVSS score of 2.1 (LOW). Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit...
How severe is CVE-2023-22473?
CVE-2023-22473 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-22473?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Talk.