CVE-2022-41926: Nextcloud Talk Android broadcast incorrect permission handling
First published: Fri Nov 25 2022(Updated: )
Nextcould talk android is the android OS implementation of the nextcloud talk chat system. In affected versions the receiver is not protected by broadcastPermission allowing malicious apps to monitor communication. It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds for this issue.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud Talk Android | <14.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-41926.
What is the affected software?
The affected software is Nextcloud Talk Android version up to but excluding 14.1.0.
What is the severity of CVE-2022-41926?
The severity of CVE-2022-41926 is medium (CVSS score 5.5).
What is the recommended upgrade version for Nextcloud Talk Android?
It is recommended to upgrade Nextcloud Talk Android to version 14.1.0.
How can I fix the vulnerability in Nextcloud Talk Android?
To fix the vulnerability, upgrade Nextcloud Talk Android to version 14.1.0.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/author
- agent/severity
- agent/title
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- vendor/nextcloud
- canonical/nextcloud talk android