Overview
- Description
- Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There are currently no known workarounds.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:N
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1FF2F15-1C40-418B-9BC3-85E19347B452",
"versionEndExcluding": "13.0.5"
},
{
"criteria": "cpe:2.3:a:nextcloud:talk:14.0.0:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3AFAF857-88EF-4D3C-8D5C-4B0334F77E73"
},
{
"criteria": "cpe:2.3:a:nextcloud:talk:14.0.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "70C356B8-7572-4795-AD25-269C8E803DB5"
},
{
"criteria": "cpe:2.3:a:nextcloud:talk:14.0.0:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FCF57597-ACA0-4BE2-8410-979367A5240E"
},
{
"criteria": "cpe:2.3:a:nextcloud:talk:14.0.0:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "047D57BF-FBB3-4C7B-A2DA-3CE9C10C61A9"
},
{
"criteria": "cpe:2.3:a:nextcloud:talk:14.0.0:rc4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23E4482D-FD38-483E-8B69-3D2CCB849D87"
}
],
"operator": "OR"
}
]
}
]