← voltar
CVE-2023-22473

Passcode bypass on Talk-Android app

CVSS 2.1 LOWEPSS 0.6%CWE-284
Vexday Risk Score
8Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 2.1EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
09 jan 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2.
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Produtos afetados
nextcloud · security-advisories

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wvr4-gc4c-6vmxhttps://github.com/nextcloud/talk-android/pull/2598https://hackerone.com/reports/1784645