Vulnerabilities > CVE-2023-30540 - Unspecified vulnerability in Nextcloud Talk

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

nextcloud

NVD

Published: 2023-04-17

Updated: 2023-04-27

Summary

Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it is recommended that users upgrad to 15.0.5. There are no known workarounds for this issue.

Vulnerable Configurations

Part	Description	Count
Application	Nextcloud Nextcloud Talk 15.0.0 Nextcloud Talk 15.0.1 Nextcloud Talk 15.0.2 Nextcloud Talk 15.0.3 Nextcloud Talk 15.0.4	5

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c9hr-cq65-9mjw
https://github.com/nextcloud/spreed/pull/8985
https://hackerone.com/reports/1894676