CVE-2023-22473Improper Access Control in Security-advisories

CWE-284Improper Access Control2 documents2 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 74.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud Talk
Timeline
PublishedJan 9

Description

Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 0.7 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/talk< 15.0.2
CVEListV5nextcloud/security-advisories< 15.0.2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
CVEList
Passcode bypass on Talk-Android app2023-01-09
CVE-2023-22473 — Improper Access Control | cvebase