Vulnerability Details CVE-2021-41180
Nextcloud talk is a self hosting messaging service. In versions prior 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user interaction. This only affected users of the Android Talk client. It is recommended that the Nextcloud Talk App is upgraded to 12.1.2. There are no known workarounds.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.8%
CVSS Severity
CVSS v3 Score 4.7
CVSS v2 Score 4.0
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4fxr-mrw2-cq92
- https://github.com/nextcloud/spreed/pull/6239
- https://hackerone.com/reports/1337178
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4fxr-mrw2-cq92
- https://github.com/nextcloud/spreed/pull/6239
- https://hackerone.com/reports/1337178
Products affected by CVE-2021-41180
-
cpe:2.3:a:nextcloud:talk:-
-
cpe:2.3:a:nextcloud:talk:0.1.0
-
cpe:2.3:a:nextcloud:talk:0.1.1
-
cpe:2.3:a:nextcloud:talk:0.1.2
-
cpe:2.3:a:nextcloud:talk:0.2.0
-
cpe:2.3:a:nextcloud:talk:1.0
-
cpe:2.3:a:nextcloud:talk:1.0.1
-
cpe:2.3:a:nextcloud:talk:1.0.10
-
cpe:2.3:a:nextcloud:talk:1.0.11
-
cpe:2.3:a:nextcloud:talk:1.0.12
-
cpe:2.3:a:nextcloud:talk:1.0.13
-
cpe:2.3:a:nextcloud:talk:1.0.14
-
cpe:2.3:a:nextcloud:talk:1.0.2
-
cpe:2.3:a:nextcloud:talk:1.0.3
-
cpe:2.3:a:nextcloud:talk:1.0.4
-
cpe:2.3:a:nextcloud:talk:1.0.5
-
cpe:2.3:a:nextcloud:talk:1.0.6
-
cpe:2.3:a:nextcloud:talk:1.0.7
-
cpe:2.3:a:nextcloud:talk:1.0.8
-
cpe:2.3:a:nextcloud:talk:1.0.9
-
cpe:2.3:a:nextcloud:talk:1.1.0
-
cpe:2.3:a:nextcloud:talk:1.1.1
-
cpe:2.3:a:nextcloud:talk:1.1.2
-
cpe:2.3:a:nextcloud:talk:1.1.3
-
cpe:2.3:a:nextcloud:talk:1.2.0
-
cpe:2.3:a:nextcloud:talk:11.0.0
-
cpe:2.3:a:nextcloud:talk:11.0.1
-
cpe:2.3:a:nextcloud:talk:11.1.0
-
cpe:2.3:a:nextcloud:talk:11.1.1
-
cpe:2.3:a:nextcloud:talk:11.1.2
-
cpe:2.3:a:nextcloud:talk:11.2.0
-
cpe:2.3:a:nextcloud:talk:12.1.0
-
cpe:2.3:a:nextcloud:talk:12.1.1
-
cpe:2.3:a:nextcloud:talk:2.0.0
-
cpe:2.3:a:nextcloud:talk:2.0.1
-
cpe:2.3:a:nextcloud:talk:2.0.2
-
cpe:2.3:a:nextcloud:talk:2.1.0
-
cpe:2.3:a:nextcloud:talk:2.1.1
-
cpe:2.3:a:nextcloud:talk:2.1.2
-
cpe:2.3:a:nextcloud:talk:3.0.0
-
cpe:2.3:a:nextcloud:talk:3.0.1
-
cpe:2.3:a:nextcloud:talk:3.1.0
-
cpe:2.3:a:nextcloud:talk:3.1.1
-
cpe:2.3:a:nextcloud:talk:3.1.2
-
cpe:2.3:a:nextcloud:talk:3.1.3
-
cpe:2.3:a:nextcloud:talk:3.2.0
-
cpe:2.3:a:nextcloud:talk:3.2.1
-
cpe:2.3:a:nextcloud:talk:3.2.2
-
cpe:2.3:a:nextcloud:talk:3.2.3
-
cpe:2.3:a:nextcloud:talk:3.2.4
-
cpe:2.3:a:nextcloud:talk:3.2.5
-
cpe:2.3:a:nextcloud:talk:3.2.6
-
cpe:2.3:a:nextcloud:talk:3.2.7
-
cpe:2.3:a:nextcloud:talk:3.3.0
-
cpe:2.3:a:nextcloud:talk:6.0.0
-
cpe:2.3:a:nextcloud:talk:6.0.1
-
cpe:2.3:a:nextcloud:talk:6.0.2
-
cpe:2.3:a:nextcloud:talk:6.0.3
-
cpe:2.3:a:nextcloud:talk:6.0.4
-
cpe:2.3:a:nextcloud:talk:6.0.5
-
cpe:2.3:a:nextcloud:talk:6.0.6
-
cpe:2.3:a:nextcloud:talk:6.0.7
-
cpe:2.3:a:nextcloud:talk:6.1.0
-
cpe:2.3:a:nextcloud:talk:6.1.1
-
cpe:2.3:a:nextcloud:talk:6.1.2
-
cpe:2.3:a:nextcloud:talk:6.1.3
-
cpe:2.3:a:nextcloud:talk:6.1.4
-
cpe:2.3:a:nextcloud:talk:6.1.5
-
cpe:2.3:a:nextcloud:talk:6.1.6
-
cpe:2.3:a:nextcloud:talk:7.0.0
-
cpe:2.3:a:nextcloud:talk:7.0.1
-
cpe:2.3:a:nextcloud:talk:7.0.2
-
cpe:2.3:a:nextcloud:talk:7.0.3
-
cpe:2.3:a:nextcloud:talk:7.0.4
-
cpe:2.3:a:nextcloud:talk:7.0.5
-
cpe:2.3:a:nextcloud:talk:7.0.6
-
cpe:2.3:a:nextcloud:talk:7.0.7
-
cpe:2.3:a:nextcloud:talk:7.0.8
-
cpe:2.3:a:nextcloud:talk:8.0.0
-
cpe:2.3:a:nextcloud:talk:8.0.1
-
cpe:2.3:a:nextcloud:talk:8.0.10
-
cpe:2.3:a:nextcloud:talk:8.0.2
-
cpe:2.3:a:nextcloud:talk:8.0.3
-
cpe:2.3:a:nextcloud:talk:8.0.4
-
cpe:2.3:a:nextcloud:talk:8.0.5
-
cpe:2.3:a:nextcloud:talk:8.0.6
-
cpe:2.3:a:nextcloud:talk:8.0.7
-
cpe:2.3:a:nextcloud:talk:8.0.8
-
cpe:2.3:a:nextcloud:talk:8.0.9
-
cpe:2.3:a:nextcloud:talk:8.1.0
-
cpe:2.3:a:nextcloud:talk:8.2.0
-
cpe:2.3:a:nextcloud:talk:9.0.0