CVE-2022-41926
low-risk
Published 2022-11-25
Nextcould talk android is the android OS implementation of the nextcloud talk chat system. In affected versions the receiver is not protected by broadcastPermission allowing malicious apps to monitor communication. It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds for this issue.
Do I need to act?
-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10
Low
LOCAL
/ LOW complexity
Affected Products (1)
Affected Vendors
References (6)
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-564v-3...
Permissions Required
https://hackerone.com/reports/1596459
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-564v-3...
Permissions Required
https://hackerone.com/reports/1596459
18
/ 100
low-risk
Severity
13/34 · Low
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal