Vulnerability Details : CVE-2023-22473
Potential exploit
Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to a passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this, the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2023-22473
- cpe:2.3:a:nextcloud:talk:*:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-22473
- 0.03%: Probability of exploitation activity in the next 30 days
- ~ 7 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-22473
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 0.7 | 1.4 | NIST | |
2.1 | LOW | CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 0.7 | 1.4 | GitHub, Inc. | |
CWE ids for CVE-2023-22473
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: security-advisories@github.com (Primary)
References for CVE-2023-22473
- https://github.com/nextcloud/talk-android/pull/2598
  Bugfix/open notification by mahibi · Pull Request #2598 · nextcloud/talk-android · GitHub (Patch; Third Party Advisory)
- https://hackerone.com/reports/1784645
  HackerOne (Exploit; Third Party Advisory)
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wvr4-gc4c-6vmx
  Passcode bypass on Talk Android app · Advisory · nextcloud/security-advisories · GitHub (Third Party Advisory)