PT-2022-11371 · Nextcloud · Nextcloud Talk

Ctulhu · Published 2022-03-08 · Updated 2022-03-15 · CVE-2021-41180

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Nextcloud Talk Android client, versions prior to 12.1.2
Description: Nextcloud Talk is a self-hosted messaging service. In affected versions, an attacker can control the link behind a geolocation preview in the Nextcloud Talk application because the link is not validated before it is opened. This can be used as an open redirect, but it requires user interaction: the recipient has to open the preview. Only users of the Android Talk client were affected.
Recommendations: Upgrade the Nextcloud Talk Android app to version 12.1.2 or later. Where upgrading is not immediately possible, avoid opening geolocation previews in the affected Android client until it has been updated.
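The validation gap the description refers to, as an added example that is not the Nextcloud Talk client's own code (the Android app is written in Kotlin): a Python sketch of the vulnerable pattern, which opens whatever link a location message carries, beside a hardened version that only opens links on an allowlisted map host with no embedded credentials. The message structure, the sample messages and the OpenStreetMap allowlist are assumptions made for the example, not details taken from the advisory.

```python
from urllib.parse import urlsplit

# Constructed sample messages (assumed format, not the real Talk message
# schema): a geolocation message whose preview link is controlled by the
# sender. The first one is benign; the rest are the kinds of links an
# attacker would send to redirect the recipient elsewhere.
SAMPLE_MESSAGES = [
    {"type": "geo-location", "name": "Office",
     "link": "https://www.openstreetmap.org/?mlat=52.52&mlon=13.40#map=16/52.52/13.40"},
    {"type": "geo-location", "name": "Office",
     "link": "https://evil.example/phish"},
    {"type": "geo-location", "name": "Office",
     "link": "https://www.openstreetmap.org@evil.example/"},   # userinfo trick
    {"type": "geo-location", "name": "Office",
     "link": "javascript:alert(1)"},                            # non-http scheme
    {"type": "geo-location", "name": "Office",
     "link": "//evil.example/"},                                # scheme-relative
]

# Assumption: the client only ever needs to open map links on these hosts.
ALLOWED_PREVIEW_HOSTS = {"www.openstreetmap.org", "openstreetmap.org"}


def preview_link_unvalidated(message):
    """Vulnerable pattern: trust the link in the message and hand it to the
    browser/intent as-is. Whatever the sender put there gets opened."""
    return message["link"]


def preview_link_validated(message):
    """Hardened pattern: return the link only if it is an https URL on an
    allowlisted host with no userinfo and no unexpected port; otherwise
    return None so the caller does not open anything."""
    link = message.get("link", "")
    parts = urlsplit(link)
    if parts.scheme != "https":
        return None
    # "https://www.openstreetmap.org@evil.example/" parses with the real host
    # after the '@'; rejecting any userinfo closes that trick explicitly.
    if parts.username is not None or parts.password is not None:
        return None
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_PREVIEW_HOSTS:
        return None
    try:
        port = parts.port          # raises ValueError on a non-numeric port
    except ValueError:
        return None
    if port not in (None, 443):
        return None
    return link


def triage(messages):
    """Map each sample link to whether the hardened check would open it."""
    return [(m["link"], preview_link_validated(m) is not None) for m in messages]


if __name__ == "__main__":
    for link, opened in triage(SAMPLE_MESSAGES):
        print(("OPEN  " if opened else "BLOCK ") + link)
```

Note that the unvalidated version returns every sample link, including the phishing and `javascript:` ones; the validated version returns only the first. Matching on the parsed host rather than on a string prefix is the point: a prefix check against "https://www.openstreetmap.org" would pass the userinfo variant.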

Weakness Enumeration

Open Redirect

Related Identifiers

CVE-2021-41180
GHSA-4fxr-mrw2-cq92

Affected Products

Nextcloud Talk