CVE-2023-39957

Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intend allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android version 17.0.0 has a patch for this issue. No known workarounds are available.

CVSS v3.0 7.8 HIGH

7.8^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/nextcloud/talk-android/pull/3064	Patch
https://hackerone.com/reports/1997029	Issue Tracking Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-36f7-93f3-mcfj	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nextcloud:talk::::::android::*
	cpe:2.3:a:nextcloud:talk:17.0.0:rc3::::android::*
	cpe:2.3:a:nextcloud:talk:17.0.0:rc2::::android::*
	cpe:2.3:a:nextcloud:talk:17.0.0:rc1::::android::*

Information

Published : 2023-08-10 16:15

Updated : 2023-08-16 19:57

NVD link : CVE-2023-39957

Mitre link : CVE-2023-39957

JSON object : View

Products Affected

nextcloud

talk

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/nextcloud/talk-android/pull/3064", "name": "https://github.com/nextcloud/talk-android/pull/3064", "tags": ["Patch"], "refsource": "MISC"}, {"url": "https://hackerone.com/reports/1997029", "name": "https://hackerone.com/reports/1997029", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-36f7-93f3-mcfj", "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-36f7-93f3-mcfj", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intend allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android version 17.0.0 has a patch for this issue. No known workarounds are available."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-39957", "ASSIGNER": "security-advisories@github.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}}, "publishedDate": "2023-08-10T16:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nextcloud:talk:*:*:*:*:*:android:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "17.0.0"}, {"cpe23Uri": "cpe:2.3:a:nextcloud:talk:17.0.0:rc3:*:*:*:android:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nextcloud:talk:17.0.0:rc2:*:*:*:android:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nextcloud:talk:17.0.0:rc1:*:*:*:android:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-08-16T19:57Z"}