Home > Vulnerability Database > CVE-2023-22473

Mend.io Vulnerability Database

CVE-2023-22473

Date: January 9, 2023

Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2.

Language: KOTLIN

Severity Score

2.1

Related Resources (5)

Url: https://hackerone.com/reports/1784645

Url: https://github.com/nextcloud/talk-android/pull/2598

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-22473

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wvr4-gc4c-6vmx

Url: https://www.mend.io/vulnerability-database/CVE-2023-22473

Severity Score

2.1

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	2.1
Attack Vector (AV):	PHYSICAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-22473

Date: January 9, 2023

Language: KOTLIN

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?