CVE-2023-45149

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Oct 16, 2023

Updated: Oct 20, 2023

CWE ID 307

Summary

CVE-2023-45149 is a vulnerability affecting the Nextcloud Talk chat module. In vulnerable versions, the brute force protection for public talk conversation passwords can be bypassed due to an endpoint that validates passwords without registering brute force attempts. This issue may lead to unauthorized access to chat conversations. To mitigate this risk, it is advised to upgrade the Nextcloud Talk app to versions 15.0.8, 16.0.6, or 17.1.1. No known workarounds exist for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Nextcloud Talk

Affected Vendors

Nextcloud GmbH

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s5FyDR
https://www.cve.org/CVERecord?id=CVE-2023-45149
https://nvd.nist.gov/vuln/detail/CVE-2023-45149

Back to Vulnerability Database