CVE-2022-35932

LOW

Nextcloud Talk <12.2.7, 13.0.7, 14.0.3 - Info Disclosure

Title source: llm

Description

Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application is upgraded to 12.2.7, 13.0.7 or 14.0.3. There are currently no known workarounds available apart from not having password protected conversations.

References (9)

[Issue Tracking, Third Party Advisory] https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pf36-jvpv-4hwq

[Issue Tracking, Patch, Third Party Advisory] https://github.com/nextcloud/spreed/pull/7504

[Issue Tracking, Patch, Third Party Advisory] https://github.com/nextcloud/spreed/pull/7535

[Issue Tracking, Patch, Third Party Advisory] https://github.com/nextcloud/spreed/pull/7536

[Issue Tracking, Patch, Third Party Advisory] https://github.com/nextcloud/spreed/pull/7537

[Patch, Third Party Advisory] https://github.com/nextcloud/spreed/commit/04300bbed0e87ff3420b5d752bbc48e2c15f35e9

[Patch, Release Notes, Third Party Advisory] https://github.com/nextcloud/spreed/commit/10341b9fe59a44ae0d139c072abd6b5026f33771

[Patch, Third Party Advisory] https://github.com/nextcloud/spreed/commit/f5ac73940f9f683b11e518d1c54150bf50dab9be

View Patch ZIP pw:eip

[Issue Tracking, Third Party Advisory] https://hackerone.com/reports/1596673

Scores

CVSS v3 3.5

EPSS 0.0109

EPSS Percentile 78.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-359 CWE-307

Status published

Products (1)

nextcloud/talk < 12.2.7

Published Aug 12, 2022

Tracked Since Feb 18, 2026