Vulnerability CVE-2022-24890


Published: 2022-05-17

Description:
Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There are currently no known workarounds.

Type:

CWE-200

(Information Exposure)

 References:
https://github.com/nextcloud/spreed/issues/7048
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vxpr-hcqq-7fw7
https://github.com/nextcloud/spreed/pull/7092
https://github.com/nextcloud/spreed/pull/7034

Copyright 2022, cxsecurity.com

 

Back to Top