CVE-2022-39212Sensitive Information Exposure in Security-advisories

CWE-200Sensitive Information Exposure2 documents2 sources
Severity
5.3MEDIUMNVD
CNA4.3
EPSS
0.2%
top 53.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud Talk
Timeline
Latest updateSep 16
PublishedSep 17

Description

Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform. In affected versions an attacker could see the last video frame of any participant who has video disabled but a camera selected. It is recommended that the Nextcloud Talk app is upgraded to 13.0.8 or 14.0.4. Users unable to upgrade should select "None" as camera before joining the call.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/talk14.0.014.0.4+1
CVEListV5nextcloud/security-advisories< 13.0.8+1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
CVEList
Last video frame is still sent after video is disabled in a call in Nextcloud Talk2022-09-16
CVE-2022-39212 — Sensitive Information Exposure | cvebase