First published: Mon Jan 09 2023(Updated: )
Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2.
Credit: security-advisories@github.com security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Nextcloud Talk Android | <15.0.2 | |
<15.0.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-22473 is a vulnerability in Nextcloud Talk Android that allows an attacker to bypass passcode and access user's Nextcloud files and view conversations.
The severity of CVE-2023-22473 is low.
To exploit CVE-2023-22473, the attacker needs physical access to the target's device.
Yes, a fix is available for CVE-2023-22473. Users should update to the latest version of Nextcloud Talk Android.
You can find more information about CVE-2023-22473 at the following references: [link1], [link2], [link3].