CVE-2022-24887 — Open Redirect in Security-advisories

CWE-601 — Open Redirect2 documents2 sources

Severity

6.1MEDIUMNVD

CNA4.3

EPSS

0.2%

top 53.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Security-advisories Nextcloud Talk

Timeline

PublishedApr 27

Description

Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDnextcloud/talk12.0.0 — 12.2.4+2

▶CVEListV5nextcloud/security-advisories< 11.3.4+2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

Open Redirect in Nextcloud Talk↗2022-04-27

▶