Home > Vulnerability Database > CVE-2021-41180

Mend.io Vulnerability Database

CVE-2021-41180

Good to know:

Date: March 8, 2022

Nextcloud talk is a self hosting messaging service. In versions prior 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user interaction. This only affected users of the Android Talk client. It is recommended that the Nextcloud Talk App is upgraded to 12.1.2. There are no known workarounds.

Language: JS

Severity Score

6.1

Related Resources (5)

Url: https://hackerone.com/reports/1337178

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4fxr-mrw2-cq92

Url: https://github.com/nextcloud/spreed/pull/6239

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-41180

Url: https://www.mend.io/vulnerability-database/CVE-2021-41180

Severity Score

6.1

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Top Fix

Upgrade Version

Upgrade to version v12.1.2

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-41180

Good to know:

Date: March 8, 2022

Language: JS

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?