CVE-2022-41971
MEDIUMNextcloud Talk < 12.2.8 - Information Disclosure
Title source: ruleDescription
Nextcould Talk android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public conversation after being removed from that conversation, provided that they were removed while being in the call. Versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0 contain patches for the issue. No known workarounds are available.
Scores
CVSS v3
4.8
EPSS
0.0027
EPSS Percentile
49.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
Classification
CWE
CWE-359
CWE-200
CWE-668
Status
published
Affected Products (1)
nextcloud/nextcloud_talk
< 12.2.8
Timeline
Published
Dec 01, 2022
Tracked Since
Feb 18, 2026