CVE-2023-30540

CVSS V2 None CVSS V3 None

Description

Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it is recommended that users upgrad to 15.0.5. There are no known workarounds for this issue.

Overview

CVE ID
CVE-2023-30540

Assigner
security-advisories@github.com

Vulnerability Status
Undergoing Analysis

Published Version
2023-04-17T22:15:10

Last Modified Date
2023-04-18T03:15:28

Weakness Enumerations

CWE	URL
CWE-200	http://cwe.mitre.org/data/definitions/200.html

References

Reference URL	Reference Tags
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c9hr-cq65-9mjw
https://github.com/nextcloud/spreed/pull/8985
https://hackerone.com/reports/1894676

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-30540
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30540

History

Created	Old Value	New Value	Data Type	Notes
2023-04-18 00:01:37				Added to TrackCVE
2023-04-18 00:01:39			Weakness Enumeration	new
2023-04-18 04:01:16		2023-04-18T03:15:28	CVE Modified Date	updated
2023-04-18 04:01:16	Received	Awaiting Analysis	Vulnerability Status	updated
2023-04-25 11:00:52	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated