Vulnerability Description
Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that the Nextcloud Talk is upgraded to 15.0.3. There are no workaround available.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Nextcloud Talk | >= 15.0.0, < 15.0.3 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j53p-rVendor Advisory
- https://github.com/nextcloud/spreed/pull/8515Patch
- https://hackerone.com/reports/1784310ExploitThird Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j53p-rVendor Advisory
- https://github.com/nextcloud/spreed/pull/8515Patch
- https://hackerone.com/reports/1784310ExploitThird Party Advisory
FAQ
What is CVE-2023-26041?
CVE-2023-26041 is a vulnerability with a CVSS score of 2.6 (LOW). Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they w...
How severe is CVE-2023-26041?
CVE-2023-26041 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-26041?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Nextcloud Talk.