CVE-2023-39957

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 10, 2023
Updated: Aug 16, 2023
CWE ID 22

Summary

CVE-2023-39957 is a vulnerability affecting the Nextcloud Talk Android application. Before version 17.0.0, the app did not adequately protect an intent, enabling malicious third-party apps to manipulate it and induce the Talk Android app to write files outside of its designated cache directory. This issue can potentially expose sensitive data and may lead to unauthorized access. Users are advised to update to version 17.0.0, which includes a patch for this vulnerability. No known workarounds are currently available.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Nextcloud Talk

Affected Vendors

  • Nextcloud GmbH