CVE-2023-39957
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Aug 10, 2023
Updated: Aug 16, 2023
CWE ID 22
Summary
CVE-2023-39957 is a vulnerability affecting the Nextcloud Talk Android application. Before version 17.0.0, the app did not adequately protect an intent, enabling malicious third-party apps to manipulate it and induce the Talk Android app to write files outside of its designated cache directory. This issue can potentially expose sensitive data and may lead to unauthorized access. Users are advised to update to version 17.0.0, which includes a patch for this vulnerability. No known workarounds are currently available.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Nextcloud Talk
Affected Vendors
- Nextcloud GmbH