CVE-2023-22473

Source
https://cve.org/CVERecord?id=CVE-2023-22473
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22473.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-22473
Aliases
  • GHSA-wvr4-gc4c-6vmx
Published
2023-01-09T14:07:14.923Z
Modified
2026-07-08T07:34:13.582646500Z
Severity
  • 2.1 (Low) CVSS_V3 - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Passcode bypass on Talk-Android app
Details

Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/22xxx/CVE-2023-22473.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-284"
    ]
}
References

Affected packages

Git / github.com/nextcloud/spreed

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/spreed
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:nextcloud:talk:*:*:*:*:*:android:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "15.0.2"
        }
    ]
}
Type
GIT
Repo
https://github.com/nextcloud/talk-android
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:nextcloud:talk:*:*:*:*:*:android:*:*",
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "15.0.2"
        }
    ]
}

Affected versions

Other
alpha-
alpha-110000002
alpha-110000004
alpha-110000005
alpha-110000006
alpha-120000002
alpha-120000003
alpha-120000004
alpha-120000005
alpha-120000006
alpha-120000007
alpha-120000008
alpha-120000013
alpha-120000014
alpha-120000015
alpha-120000016
alpha-120020002
alpha-120020003
alpha-120020004
alpha-120020005
alpha-120020006
alpha-120020007
alpha-120030002
alpha-120030003
alpha-120030004
alpha-120030005
alpha-120030006
alpha-120030007
alpha-120030008
alpha-120030009
alpha-120030010
alpha-120030011
alpha-120030012
alpha-120030013
alpha-120030014
alpha-130000002
alpha-130010002
alpha-130010003
alpha-130010004
alpha-130010005
alpha-130010006
alpha-130010007
alpha-130010008
alpha-130010009
alpha-130010010
alpha-130010011
alpha-130010012
alpha-130010013
alpha-130010014
alpha-130010015
alpha-130010016
alpha-130010017
alpha-130010018
alpha-140010002
alpha-140010003
alpha-140010004
alpha-140010005
alpha-140010006
alpha-140010007
alpha-140010008
alpha-140010009
alpha-140010010
alpha-140010011
alpha-140010012
alpha-140020002
alpha-140020003
alpha-140020004
alpha-140020005
alpha-140020006
alpha-150000002
alpha-150000003
alpha-150000004
alpha-150000005
alpha-150000006
v0.*
v0.1.0
v0.1.1
v0.1.2
v0.2.0
v1.*
v1.0
v1.0.1
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.2
v1.0.21
v1.0.22
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.0beta1
v1.1.0beta2
v1.1.0beta3
v1.1.0beta4
v1.1.1
v1.1.2
v1.2
v1.2.0beta1
v1.2.0beta2
v1.2.0beta3
v10.*
v10.0.0-beta.1
v10.0.0-beta.2
v10.0.0-rc.1
v11.*
v11.0.0
v11.0.0-alpha.1
v11.0.0-alpha.2
v11.0.0-alpha.3
v11.0.0-alpha.4
v12.*
v12.0.0-alpha.1
v12.0.0-alpha.2
v12.0.0-alpha.3
v14.*
v14.0.0-beta.1
v14.0.0-rc.1
v15.*
v15.0.0
v15.0.0-beta.1
v15.0.0-beta.2
v15.0.0-beta.3
v15.0.0-beta.4
v15.0.0-rc.1
v15.0.0-rc.2
v15.0.0-rc.3
v15.0.0-rc.4
v15.0.0-rc.5
v15.0.0rc1
v15.0.0rc2
v15.0.0rc3
v15.0.0rc4
v15.0.0rc5
v15.0.1
v15.0.2rc1
v2.*
v2.0.0
v2.0.0beta4
v2.0.0beta5
v2.1.0
v2.1.0beta1
v2.1.0beta2
v2.1.0beta3
v2.1.0beta4
v2.1.0beta5
v2.9.0
v2.9.1
v3.*
v3.0.0
v3.0.0beta1
v3.0.0beta10
v3.0.0beta3
v3.0.0beta4
v3.0.0beta5
v3.0.0beta6
v3.0.0beta7
v3.0.0beta8
v3.0.1
v3.1.0
v3.1.0beta1
v3.1.0beta2
v3.1.0beta3
v3.1.0beta4
v3.1.0beta5
v3.1.0beta6
v3.2.0beta1
v3.2.0beta2
v3.2.0beta3
v3.2.0beta4
v3.2.0beta5
v3.3.0beta1
v3.3.0beta2
v3.3.0beta3
v3.99.10
v3.99.11
v3.99.12
v3.99.8
v4.*
v4.0.0
v4.99.5
v5.*
v5.99.10
v6.*
v6.0.0
v6.0.0-rc.1
v6.0.0-rc.2
v6.0.0beta1
v6.0.0beta2
v6.0.0beta3
v6.0.0beta4
v6.0.1
v6.0.2
v6.0.6-internal
v6.0.6internal
v6.0.7beta
v6.1.0
v7.*
v7.0.0
v7.0.0-beta.1
v7.0.0beta1
v7.0.0beta2
v7.0.0beta3
v7.0.0beta4
v7.0.0beta5
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v8.*
v8.0.0
v8.0.0-alpha.1
v8.0.0-alpha.2
v8.0.0-alpha.3
v8.0.0-alpha.4
v8.0.0-alpha.5
v8.0.0-alpha.6
v8.0.0beta1
v8.0.0beta2
v8.0.0beta3
v8.0.0beta4
v8.0.1
v8.0.10
v8.0.2
v8.0.3
v8.0.4
v8.0.5
v8.0.6
v8.0.7
v8.0.8
v8.0.9
v8.1.0
v8.1.0rc1
v8.2.0
v9.*
v9.0.0-beta.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22473.json"