CVE-2022-41926 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-41926

CVE-2022-41926

November 25, 2022

Nextcould talk android is the android OS implementation of the nextcloud talk chat system. In affected versions the receiver is not protected by broadcastPermission allowing malicious apps to monitor communication. It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds for this issue.

Related Resources (5)

https://nvd.nist.gov/vuln/detail/CVE-2022-41926

https://hackerone.com/reports/1596459

https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41926.json

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-564v-3rfc-352m

https://github.com/nextcloud/talk-android/pull/2148

Do you need more information?

CVSS v4

Base Score:

4.8

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Weakness Type (CWE)

Incorrect Permission Assignment for Critical Resource

CWE-732

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

EPSS

Base Score:

0.07

Products

Solutions

Resources

Company

Compare

Developer Tools