CVE-2022-24887

Source
https://cve.org/CVERecord?id=CVE-2022-24887
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24887.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-24887
Aliases
  • GHSA-j45w-7mpq-264c
Published
2022-04-27T13:55:11Z
Modified
2026-04-10T04:45:38.785906Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Open Redirect in Nextcloud Talk
Details

Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-601"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24887.json"
}
References

Affected packages

Git / github.com/nextcloud/spreed

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/spreed
Events

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24887.json"

Git / github.com/nextcloud/talk-android

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/talk-android
Events
Introduced
0 (Unknown introduced commit / All previous commits are affected)
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "13.0.0-rc1"
        }
    ]
}

Affected versions

Other
alpha-
alpha-110000002
alpha-110000004
alpha-110000005
alpha-110000006
alpha-120000002
alpha-120000003
alpha-120000004
alpha-120000005
alpha-120000006
alpha-120000007
alpha-120000008
alpha-120000013
alpha-120000014
alpha-120000015
alpha-120000016
alpha-120020002
alpha-120020003
alpha-120020004
alpha-120020005
alpha-120020006
alpha-120020007
alpha-120030002
alpha-120030003
alpha-120030004
alpha-120030005
alpha-120030006
alpha-120030007
alpha-120030008
alpha-120030009
alpha-120030010
alpha-120030011
alpha-120030012
alpha-120030013
alpha-120030014
alpha-130000002
v0.*
v0.1.0
v0.1.1
v0.1.2
v0.2.0
v1.*
v1.0
v1.0.1
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.0beta1
v1.1.0beta2
v1.1.0beta3
v1.1.0beta4
v1.1.1
v1.2.0beta1
v1.2.0beta2
v1.2.0beta3
v11.*
v11.0.0
v13.*
v13.0.0rc1
v2.*
v2.0.0
v2.0.0beta4
v2.0.0beta5
v2.1.0
v2.1.0beta1
v2.1.0beta2
v2.1.0beta3
v2.1.0beta4
v2.1.0beta5
v3.*
v3.0.0
v3.0.0beta1
v3.0.0beta10
v3.0.0beta3
v3.0.0beta4
v3.0.0beta5
v3.0.0beta6
v3.0.0beta7
v3.0.0beta8
v3.0.1
v3.1.0
v3.1.0beta1
v3.1.0beta2
v3.1.0beta3
v3.1.0beta4
v3.1.0beta5
v3.1.0beta6
v3.2.0beta1
v3.2.0beta2
v3.2.0beta3
v3.2.0beta4
v3.2.0beta5
v3.3.0beta1
v3.3.0beta2
v3.3.0beta3
v6.*
v6.0.0
v6.0.0beta1
v6.0.0beta2
v6.0.0beta3
v6.0.0beta4
v6.0.1
v6.0.2
v6.0.6-internal
v6.0.6internal
v6.0.7beta
v6.1.0
v7.*
v7.0.0
v7.0.0beta1
v7.0.0beta2
v7.0.0beta3
v7.0.0beta4
v7.0.0beta5
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v8.*
v8.0.0
v8.0.0beta1
v8.0.0beta2
v8.0.0beta3
v8.0.0beta4
v8.0.1
v8.0.10
v8.0.2
v8.0.3
v8.0.4
v8.0.5
v8.0.6
v8.0.7
v8.0.8
v8.0.9
v8.1.0
v8.1.0rc1
v8.2.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24887.json"