CVE-2023-28845
Summary
Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they themselves are not members. It is recommended that the Nextcloud Talk is upgraded to 14.0.9 or 15.0.4. There are no known workarounds for this vulnerability.
- LOW
- NETWORK
- NONE
- UNCHANGED
- REQUIRED
- LOW
- LOW
- NONE
References
Advisory Timeline
- Published