Lucene search
NextcloudGHSA-564V-3RFC-352MHistoryNov 25, 2022 - 11:23 a.m.
Talk Android broadcast receiver is not protected by broadcastPermission allowing malicious apps to communicate
2022-11-2511:23:41
github.com
22
android
nextcloud
communication
interference
security advisory
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
28.1%
Description
Impact
Potential interference on starting a call or requesting media permissions
Patches
It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0
Workarounds
No workaround available
References
For more information
If you have any questions or comments about this advisory:
- Create a post in nextcloud/security-advisories
- Customers: Open a support ticket at support.nextcloud.com
Related
cvelist
cvelist
prion
prion
Design/Logic Flaw
2022-11-25 19:15:00
osv
osv
CVE-2022-41926
2022-11-25 19:15:11
nvd
nvd
CVE-2022-41926
2022-11-25 19:15:11
cve
cve
CVE-2022-41926
2022-11-25 19:15:11
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
28.1%
Related for GHSA-564V-3RFC-352M