CVE-2022-41971

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-41971
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41971.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-41971
Aliases
  • GHSA-wx6w-xpg9-6fv4
Published
2022-12-01T21:15:19Z
Modified
2024-06-06T14:07:48.490787Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Nextcould Talk android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public conversation after being removed from that conversation, provided that they were removed while being in the call. Versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0 contain patches for the issue. No known workarounds are available.

References

Affected packages

Git / github.com/nextcloud/spreed

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/spreed
Events

Affected versions

v12.*

v12.0.0
v12.1.0
v12.1.1
v12.2.0
v12.2.1
v12.2.2
v12.2.3
v12.2.4
v12.2.5
v12.2.6
v12.2.7