admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 10:41:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-39957.md

18 lines
962 B
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2023-39957](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39957)
![](https://img.shields.io/static/v1?label=Product&message=security-advisories&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%2017.0.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%3A%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
### Description
Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intend allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android version 17.0.0 has a patch for this issue. No known workarounds are available.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/Ch0pin/related_work
Reference in New Issue Copy Permalink