CVE-2023-39957

Source
https://cve.org/CVERecord?id=CVE-2023-39957
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39957.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-39957
Aliases
  • GHSA-36f7-93f3-mcfj
Published
2023-08-10T15:04:16.233Z
Modified
2026-04-10T05:00:32.766134Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Summary
Path traversal allows tricking the Talk Android app into writing files into its root directory
Details

Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intent allowed malicious third-party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android version 17.0.0 has a patch for this issue. No known workarounds are available.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-22"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/39xxx/CVE-2023-39957.json"
}
References

Affected packages

Git / github.com/nextcloud/talk-android

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/talk-android
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other
alpha-
alpha-110000002
alpha-110000004
alpha-110000005
alpha-110000006
alpha-120000002
alpha-120000003
alpha-120000004
alpha-120000005
alpha-120000006
alpha-120000007
alpha-120000008
alpha-120000013
alpha-120000014
alpha-120000015
alpha-120000016
alpha-120020002
alpha-120020003
alpha-120020004
alpha-120020005
alpha-120020006
alpha-120020007
alpha-120030002
alpha-120030003
alpha-120030004
alpha-120030005
alpha-120030006
alpha-120030007
alpha-120030008
alpha-120030009
alpha-120030010
alpha-120030011
alpha-120030012
alpha-120030013
alpha-120030014
alpha-130000002
alpha-130010002
alpha-130010003
alpha-130010004
alpha-130010005
alpha-130010006
alpha-130010007
alpha-130010008
alpha-130010009
alpha-130010010
alpha-130010011
alpha-130010012
alpha-130010013
alpha-130010014
alpha-130010015
alpha-130010016
alpha-130010017
alpha-130010018
alpha-140010002
alpha-140010003
alpha-140010004
alpha-140010005
alpha-140010006
alpha-140010007
alpha-140010008
alpha-140010009
alpha-140010010
alpha-140010011
alpha-140010012
alpha-140020002
alpha-140020003
alpha-140020004
alpha-140020005
alpha-140020006
alpha-150000002
alpha-150000003
alpha-150000004
alpha-150000005
alpha-150000006
alpha-150010002
alpha-150010003
alpha-150010004
alpha-150010005
alpha-150010006
alpha-150010007
alpha-150010008
alpha-150010009
alpha-150010010
alpha-150010011
alpha-150010012
alpha-150020002
alpha-150020003
alpha-150020004
alpha-150020005
alpha-160000002
alpha-160000003
alpha-160000004
alpha-160000005
alpha-160000006
alpha-160000007
alpha-160010002
alpha-160010003
alpha-160010004
alpha-160010005
alpha-160010006
alpha-160010007
alpha-160010008
alpha-170000002
v0.*
v0.1.0
v0.1.1
v0.1.2
v0.2.0
v1.*
v1.0
v1.0.1
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.0beta1
v1.1.0beta2
v1.1.0beta3
v1.1.0beta4
v1.1.1
v1.2.0beta1
v1.2.0beta2
v1.2.0beta3
v11.*
v11.0.0
v17.*
v17.0.0rc1
v17.0.0rc2
v17.0.0rc3
v17.0.0rc4
v2.*
v2.0.0
v2.0.0beta4
v2.0.0beta5
v2.1.0
v2.1.0beta1
v2.1.0beta2
v2.1.0beta3
v2.1.0beta4
v2.1.0beta5
v3.*
v3.0.0
v3.0.0beta1
v3.0.0beta10
v3.0.0beta3
v3.0.0beta4
v3.0.0beta5
v3.0.0beta6
v3.0.0beta7
v3.0.0beta8
v3.0.1
v3.1.0
v3.1.0beta1
v3.1.0beta2
v3.1.0beta3
v3.1.0beta4
v3.1.0beta5
v3.1.0beta6
v3.2.0beta1
v3.2.0beta2
v3.2.0beta3
v3.2.0beta4
v3.2.0beta5
v3.3.0beta1
v3.3.0beta2
v3.3.0beta3
v6.*
v6.0.0
v6.0.0beta1
v6.0.0beta2
v6.0.0beta3
v6.0.0beta4
v6.0.1
v6.0.2
v6.0.6-internal
v6.0.6internal
v6.0.7beta
v6.1.0
v7.*
v7.0.0
v7.0.0beta1
v7.0.0beta2
v7.0.0beta3
v7.0.0beta4
v7.0.0beta5
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v8.*
v8.0.0
v8.0.0beta1
v8.0.0beta2
v8.0.0beta3
v8.0.0beta4
v8.0.1
v8.0.10
v8.0.2
v8.0.3
v8.0.4
v8.0.5
v8.0.6
v8.0.7
v8.0.8
v8.0.9
v8.1.0
v8.1.0rc1
v8.2.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39957.json"