Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly…
GitHub_M·CWE-359·Published 2022-05-17
Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There are currently no known workarounds.
Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There are currently no known workarounds.
Nextcloud Talk es una aplicación de videoconferencia y audioconferencia para Nextcloud. En versiones anteriores a 13.0.5 y 14.0.0, un moderador de llamadas puede habilitar indirectamente las cámaras web de los usuarios concediendo permisos, si estaban habilitadas antes de eliminar los permisos. Se presenta un parche disponible en versiones 13.0.5 y 14.0.0. Actualmente no se conocen medidas de mitigación
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 3.5 | 6.8 | 2.9 | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| 3.1 | Primary | NVD | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| 3.1 | Primary | cve.org | 2.4 | — | — | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N |
| 3.1 | Primary | cve.org | 2.4 | — | — | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N |
| 3.1 | Secondary | NVD | 2.4 | 0.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N |