PT-2023-22003 · Nextcloud · Nextcloud Talk
Lukasreschke · Published 2023-03-31 · Updated 2023-04-07 · CVE-2023-28845
CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Nextcloud Talk versions prior to 14.0.9
Nextcloud Talk versions prior to 15.0.4
Description
The issue arises from the Talk app not properly filtering access to a conversation's member list. This allows an attacker to gain information about the members of a Talk conversation, even if they are not members themselves.
Recommendations
For versions prior to 14.0.9, upgrade to 14.0.9.
For versions prior to 15.0.4, upgrade to 15.0.4.
As a temporary workaround, consider restricting access to the conversation member list until a patch is available.
Exploit
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Nextcloud Talk