Vulnerability Description
Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it is recommended that users upgrade to 15.0.5. There are no known workarounds for this issue.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Talk | >= 15.0.0, < 15.0.5 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c9hr-c (Vendor Advisory)
- https://github.com/nextcloud/spreed/pull/8985 (Patch)
- https://hackerone.com/reports/1894676 (Permissions Required)
FAQ
What is CVE-2023-30540?
CVE-2023-30540 is a vulnerability with a CVSS score of 3.5 (LOW). Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted...
How severe is CVE-2023-30540?
CVE-2023-30540 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-30540?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Talk.