CVE-2022-24887
Published 2022-04-27
Priority: P4 29, medium, 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.90% (55.1th percentile)
Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nextcloud | security-advisories | < 11.3.4 | 11.3.4 |
| nextcloud | security-advisories | < 12.2.2 | 12.2.2 |
| nextcloud | security-advisories | < 13.0.0 | 13.0.0 |
| nextcloud | talk | < 11.3.4 | 11.3.4 |
| nextcloud | talk | — | — |
| nextcloud | talk | >= 12.0.0 < 12.2.4 | 12.2.4 |
CVSS provenance
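| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |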
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j45w-7mpq-264c
https://github.com/nextcloud/spreed/pull/6410
https://hackerone.com/reports/1358977