CVE-2023-28845

LOW Year: 2023
CVSS v3 Score
3.5
Low
Weakness Type
CWE-284
View all →

Vulnerability Description

Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they themselves are not members. It is recommended that the Nextcloud Talk is upgraded to 14.0.9 or 15.0.4. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2016-4874

LOW
CVSS:3.5(Low)

Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.

CWE-2842016

CVE-2020-3126

LOW
CVSS:3.5(Low)

vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections. The vulnerability is due to missing security wa...

CWE-2842020

CVE-2021-22567

LOW
CVSS:3.5(Low)

Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker...

CWE-2842021

CVE-2022-39860

LOW
CVSS:3.5(Low)

Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast.

CWE-2842022

CVE-2023-49098

LOW
CVSS:3.5(Low)

Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939.

CWE-2842023

CVE-2024-30107

LOW
CVSS:3.5(Low)

HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios.

CWE-2842024