PT-2023-20444 · Nextcloud · Nextcloud Talk

Ctulhu

Published: 2023-02-27 · Updated: 2023-03-08 · CVE-2023-26041

CVSS v3.1: 2.6 (Low)

Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Nextcloud Talk versions prior to 15.0.3

Description

Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured, messages were not expired, and the API would still return them even though the frontend code hid them.

Recommendations

For versions prior to 15.0.3, upgrade to version 15.0.3 to resolve the issue. As a temporary workaround, consider configuring cron jobs properly to expire messages, until a patch is available.

Exploit

Fix

Exposure of Resource to Wrong Sphere


Weakness Enumeration

Related identifiers

CVE-2023-26041
GHSA-J53P-R755-V4JF

Affected products

Nextcloud Talk