cbcvebase.
CVE-2023-45149
published 2023-10-16


Priority: P4 21
Severity: medium
CVSS 3.1: 4.3
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.48% (37.9th percentile)
Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is recommended that the Nextcloud Talk app is upgraded to 15.0.8, 16.0.6 or 17.1.1. There are no known workarounds for this vulnerability.

Affected

6 ranges
Vendor     Product              Version range        Fixed in
nextcloud  security-advisories
nextcloud  security-advisories
nextcloud  security-advisories
nextcloud  talk                 >= 15.0.0 < 15.0.8   15.0.8
nextcloud  talk                 >= 16.0.0 < 16.0.6   16.0.6
nextcloud  talk                 >= 17.0.0 < 17.1.1   17.1.1