Home > Vulnerability Database > CVE-2022-41971

Mend.io Vulnerability Database

CVE-2022-41971

Date: December 1, 2022

Nextcould Talk android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public conversation after being removed from that conversation, provided that they were removed while being in the call. Versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0 contain patches for the issue. No known workarounds are available.

Language: PHP

Severity Score

4.8

Related Resources (5)

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wx6w-xpg9-6fv4

Url: https://hackerone.com/reports/1706248

Url: https://github.com/nextcloud/spreed/pull/7974

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-41971

Url: https://www.mend.io/vulnerability-database/CVE-2022-41971

Severity Score

4.8

Weakness Type (CWE)

Exposure of Resource to Wrong Sphere

CWE-668

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Exposure of Private Personal Information to an Unauthorized Actor

CWE-359

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-41971

Date: December 1, 2022

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?