Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2022-24887
HistoryApr 27, 2022 - 2:15 p.m.

CVE-2022-24887

2022-04-2714:15:09
Google
osv.dev
6
nextcloud
talk
vulnerability
sharing
deck card
metadata
manipulated
arbitrary urls
fixed
versions

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

42.2%

JSON

Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds.

Related

hackerone 1
nextcloud 1
prion 1
cve 1
nvd 1
cvelist 1
hackerone
hackerone
Nextcloud: When sharing a Deck card in conversation the metaData can be manipulated to open arbitrary URL
2021-10-05 07:33:31
nextcloud
nextcloud
When sharing a Deck card in conversation the metaData can be manipulated to open arbitrary URL
2022-04-27 07:29:17
prion
prion
Code injection
2022-04-27 14:15:00
cve
cve
CVE-2022-24887
2022-04-27 14:15:09
nvd
nvd
CVE-2022-24887
2022-04-27 14:15:09
cvelist
cvelist
CVE-2022-24887 Open Redirect in Nextcloud Talk
2022-04-27 13:55:11

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

42.2%

JSON
Related for OSV:CVE-2022-24887
hackerone1nextcloud1prion1cve1nvd1cvelist1