Vulnerability Details : CVE-2022-24887
Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds.
Vulnerability category: Open redirect
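The bug class here is simple to restate: the Deck card a user shares into a conversation is carried as message metadata, that metadata includes a link, and the client turned the link into the anchor the recipient clicks, so a sender could point it anywhere. The fix referenced below ("Limit URLs to trusted domains for now") restricts which links are accepted. The following is an added example, not Nextcloud Talk code: it shows the pre-fix pattern beside an origin-allowlist check, and runs it over constructed card metadata covering the usual bypass shapes (foreign host, userinfo and subdomain tricks, javascript: scheme, protocol-relative URL). The field names `link` and `name`, and the instance origin `https://cloud.example.com`, are assumptions for illustration.

```javascript
// Added example, not Nextcloud Talk code. Models the bug class behind CVE-2022-24887:
// a shared Deck card arrives as chat-message metadata that includes a link, and the
// client used that link verbatim as the href the recipient clicks.
// Assumed for illustration: card fields `link` and `name`, and the instance origin below.

const INSTANCE_ORIGIN = "https://cloud.example.com"; // assumed Nextcloud instance origin

// Pre-fix pattern: the href is whatever the sender placed in the card metadata.
function cardHrefVulnerable(card) {
  return card.link;
}

// Accept only absolute http(s) URLs whose origin is exactly the instance origin.
function isTrustedCardUrl(raw, trustedOrigin = INSTANCE_ORIGIN) {
  if (typeof raw !== "string") return false;
  let url;
  try {
    url = new URL(raw); // no base URL: relative and protocol-relative ("//evil") input throws
  } catch {
    return false;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return false; // javascript:, data:, ...
  if (url.username !== "" || url.password !== "") return false; // https://cloud.example.com@evil.example/
  return url.origin === new URL(trustedOrigin).origin; // exact origin match, never startsWith/endsWith
}

// Hardened pattern: an untrusted link degrades to a non-clickable label (null href).
function cardHrefHardened(card, trustedOrigin = INSTANCE_ORIGIN) {
  return isTrustedCardUrl(card.link, trustedOrigin) ? card.link : null;
}

// Constructed card metadata as a malicious sender could craft it (not captured traffic).
const SAMPLE_CARDS = [
  { name: "Sprint planning", link: "https://cloud.example.com/apps/deck/#/board/1/card/5" }, // legitimate
  { name: "Sprint planning", link: "https://cloud.example.com:443/apps/deck/" },             // legitimate, default port
  { name: "Sprint planning", link: "https://evil.example/login" },                           // plain open redirect
  { name: "Sprint planning", link: "https://cloud.example.com@evil.example/" },              // userinfo trick
  { name: "Sprint planning", link: "https://cloud.example.com.evil.example/" },              // subdomain trick
  { name: "Sprint planning", link: "javascript:alert(document.cookie)" },                    // scheme trick
  { name: "Sprint planning", link: "//evil.example/" },                                      // protocol-relative
];

// Resolves each sample card with both strategies so the difference is visible side by side.
function auditSampleCards(cards = SAMPLE_CARDS) {
  return cards.map((card) => ({
    link: card.link,
    vulnerableHref: cardHrefVulnerable(card),
    hardenedHref: cardHrefHardened(card),
  }));
}

for (const row of auditSampleCards()) {
  console.log(`${row.link}\n  vulnerable -> ${row.vulnerableHref}\n  hardened   -> ${row.hardenedHref}`);
}
```

The check compares the parsed `origin`, not the raw string: `new URL()` lowercases the host, drops the default port and separates userinfo from the host, which is what defeats the `cloud.example.com@evil.example` and `cloud.example.com.evil.example` shapes that a prefix or substring test would pass. Rendering the label without a link when the check fails keeps the card visible while removing the phishing value.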
Products affected by CVE-2022-24887
- cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:talk:13.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:talk:13.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:talk:13.0.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:talk:13.0.0:rc1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-24887
- EPSS score: 0.10% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~42% (proportion of vulnerabilities scored at or below this value)
CVSS scores for CVE-2022-24887
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N | 8.6 | 4.9 | NIST
6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | GitHub, Inc.
CWE ids for CVE-2022-24887
- A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
  Assigned by:
  - nvd@nist.gov (Primary)
  - security-advisories@github.com (Secondary)
References for CVE-2022-24887
- https://hackerone.com/reports/1358977 (#1358977 When sharing a Deck card in conversation the metaData can be manipulated to open arbitrary URL) Exploit; Third Party Advisory
- https://github.com/nextcloud/spreed/pull/6410 (Limit URLs to trusted domains for now by nickvergessen, Pull Request #6410, nextcloud/spreed) Patch; Third Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j45w-7mpq-264c (When sharing a Deck card in conversation the metaData can be manipulated to open arbitrary URL, advisory in nextcloud/security-advisories) Third Party Advisory