PT-2022-23038 · Nextcloud · Nextcloud Talk

Errorsec · Published 2022-08-12 · Updated 2022-08-15 · CVE-2022-35932

CVSS v3.1: 3.5 (Low)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Nextcloud Talk versions prior to 12.2.7
Nextcloud Talk versions prior to 13.0.7
Nextcloud Talk versions prior to 14.0.3

Description

Nextcloud Talk is a video and audio conferencing app for Nextcloud. Password-protected conversations are susceptible to brute-force attacks if the attacker has the link or conversation token.

Recommendations

For versions prior to 12.2.7, upgrade to version 12.2.7.
For versions prior to 13.0.7, upgrade to version 13.0.7.
For versions prior to 14.0.3, upgrade to version 14.0.3.
As a temporary workaround, consider not having password-protected conversations until the issue is resolved.

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related Identifiers

CVE-2022-35932
GHSA-PF36-JVPV-4HWQ

Affected Products

Nextcloud Talk