PT-2022-11372 · Nextcloud · Nextcloud Talk Android

Nickvergessen · Published 2022-03-08 · Updated 2022-10-24 · CVE-2021-41181

CVSS v3.1: 2.4 (Low)
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Nextcloud Android Talk App versions prior to 12.3.0

Description

Nextcloud Talk is a self-hosted messaging service. The Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone call, the attacker could gain access to the chat messages and files of the user.

Recommendations

For versions prior to 12.3.0, it is recommended that the Nextcloud Android Talk App is upgraded to 12.3.0. At the moment, there are no known workarounds for this issue.

Fix

Improper Authentication

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2021-41181
GHSA-497C-C8HX-6QCF

Affected Products

Nextcloud Talk Android