CVE-2023-26041

LOW

Nextcloud Talk <15.0.3 - Info Disclosure

Title source: llm

Description

Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that the Nextcloud Talk is upgraded to 15.0.3. There are no workaround available.

References (3)

[Vendor Advisory] https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j53p-r755-v4jf

[Patch] https://github.com/nextcloud/spreed/pull/8515

[Exploit, Third Party Advisory] https://hackerone.com/reports/1784310

Scores

CVSS v3 2.6

EPSS 0.0022

EPSS Percentile 44.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

Classification

CWE

CWE-359 CWE-668

Status published

Affected Products (1)

nextcloud/nextcloud_talk < 15.0.3

Timeline

Published Feb 27, 2023

Tracked Since Feb 18, 2026