CVE-2022-35932
low-risk
Published 2022-08-12
Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password-protected conversations are susceptible to brute-force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application be upgraded to 12.2.7, 13.0.7 or 14.0.3. There are currently no known workarounds other than not using password-protected conversations.
Do I need to act?
1.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 3.5/10 · Low
NETWORK / LOW complexity
Affected Products (1)
Affected Vendors
References (18)
Issue Tracking
https://github.com/nextcloud/spreed/pull/7504
Issue Tracking
https://github.com/nextcloud/spreed/pull/7535
Issue Tracking
https://github.com/nextcloud/spreed/pull/7536
Issue Tracking
https://github.com/nextcloud/spreed/pull/7537
Issue Tracking
https://hackerone.com/reports/1596673
24 / 100 · low-risk
Severity: 16/34 · Moderate
Exploitability: 3/34 · Minimal
Exposure: 5/34 · Minimal