Lucene search

GoogleOSV:CVE-2022-41971

HistoryDec 01, 2022 - 9:15 p.m.

CVE-2022-41971

2022-12-0121:15:19

Google

osv.dev

nextcloud

android

security vulnerability

video streams

patch

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.3%

JSON

Nextcould Talk android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public conversation after being removed from that conversation, provided that they were removed while being in the call. Versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0 contain patches for the issue. No known workarounds are available.

CPENameOperatorVersion
spreedeq12.2.6
spreedeq12.0.0
spreedeq12.2.7
spreedeq12.2.0
spreedeq12.1.1
spreedeq12.2.3
spreedeq12.1.0
spreedeq12.2.1
spreedeq12.2.4
spreedeq12.2.5

Name	Operator	Version
spreed	eq	12.2.6
spreed	eq	12.0.0
spreed	eq	12.2.7
spreed	eq	12.2.0
spreed	eq	12.1.1
spreed	eq	12.2.3
spreed	eq	12.1.0
spreed	eq	12.2.1
spreed	eq	12.2.4
spreed	eq	12.2.5

Rows per page:

1-10 of 111

References

github.com/nextcloud/security-advisories/security/advisories/GHSA-wx6w-xpg9-6fv4

github.com/nextcloud/spreed/pull/7974

hackerone.com/reports/1706248

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.3%

JSON

Related for OSV:CVE-2022-41971