CVE-2023-28845
Published 2023-03-31
Priority: P4 14 | Severity: low | CVSS 3.1: 3.5
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
EPSS: 0.45% (35.6th percentile)
Nextcloud Talk is a video & audio conferencing app for Nextcloud. In affected versions the Talk app does not properly filter access to a conversation's member list. As a result, an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they themselves are not members. It is recommended that Nextcloud Talk be upgraded to 14.0.9 or 15.0.4. There are no known workarounds for this vulnerability.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nextcloud | security-advisories | — | — |
| nextcloud | security-advisories | — | — |
| nextcloud | talk | >= 14.0.0 < 14.0.9 | 14.0.9 |
| nextcloud | talk | >= 15.0.0 < 15.0.4 | 15.0.4 |
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-03-31
Published