Path Traversal in Nextcloud Security-advisories
CVE-2023-39957
Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intent allowed malicious third-party apps to trick the Talk Android app into writing files outside of…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.003 (24.5th percentile)
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Nextcloud Security-advisories — versions < 17.0.0
- Nextcloud Talk — versions 17.0.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- security-advisories@github.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- security-advisories@github.com (Patch, x_refsource_MISC)
- security-advisories@github.com (Third Party Advisory, x_refsource_MISC, Issue Tracking)
Frequently asked questions
- What is CVE-2023-39957?
- CVE-2023-39957 is a high-severity vulnerability in Nextcloud Security-advisories, classified under Path Traversal. CVSS score: 7.8/10. Published 2023-08-10.
- How severe is CVE-2023-39957?
- High severity. CVSS v3 base score is 7.8 out of 10.
- Is CVE-2023-39957 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.