Home > Vulnerability Database > CVE-2022-41971

Mend.io Vulnerability Database

CVE-2022-41971

Good to know:

Date: December 1, 2022

Nextcould Talk android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public conversation after being removed from that conversation, provided that they were removed while being in the call. Versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0 contain patches for the issue. No known workarounds are available.

Language: PHP

Severity Score

6.5

Related Resources (5)

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wx6w-xpg9-6fv4

Url: https://hackerone.com/reports/1706248

Url: https://github.com/nextcloud/spreed/pull/7974

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-41971

Url: https://www.mend.io/vulnerability-database/CVE-2022-41971

Severity Score

6.5

Weakness Type (CWE)

Exposure of Resource to Wrong Sphere

CWE-668

Top Fix

Upgrade Version

Upgrade to version v12.2.8,v13.0.10,v14.0.6,v15.0.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-41971

Good to know:

Date: December 1, 2022

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?