CVE-2022-24887 - Vulnerability Details - OpenCVE

Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Nextcloud	Talk

Configuration 1 [-]

OR	cpe:2.3:a:nextcloud:talk::::::::
	cpe:2.3:a:nextcloud:talk::::::::
	cpe:2.3:a:nextcloud:talk:13.0.0:rc1::::::
	cpe:2.3:a:nextcloud:talk:13.0.0:rc2::::::
	cpe:2.3:a:nextcloud:talk:13.0.0:rc3::::::
	cpe:2.3:a:nextcloud:talk:13.0.0:rc4::::::

No data.

References

Link	Providers
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j45w-7mpq-264c
https://github.com/nextcloud/spreed/pull/6410
https://hackerone.com/reports/1358977

History

Tue, 22 Apr 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-04-27T13:55:11.000Z

Updated: 2025-04-22T18:03:04.108Z

Reserved: 2022-02-10T00:00:00.000Z

Link: CVE-2022-24887

Vulnrichment

Updated: 2024-08-03T04:29:00.701Z

NVD

Status : Modified

Published: 2022-04-27T14:15:09.137

Modified: 2024-11-21T06:51:19.537

Link: CVE-2022-24887

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "security-advisories", "vendor": "nextcloud", "versions": [{"status": "affected", "version": "< 11.3.4"}, {"status": "affected", "version": "< 12.2.2"}, {"status": "affected", "version": "< 13.0.0"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-27T13:55:11.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j45w-7mpq-264c"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/spreed/pull/6410"}, {"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/1358977"}], "source": {"advisory": "GHSA-j45w-7mpq-264c", "discovery": "UNKNOWN"}, "title": "Open Redirect in Nextcloud Talk", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24887", "STATE": "PUBLIC", "TITLE": "Open Redirect in Nextcloud Talk"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "security-advisories", "version": {"version_data": [{"version_value": "< 11.3.4"}, {"version_value": "< 12.2.2"}, {"version_value": "< 13.0.0"}]}}]}, "vendor_name": "nextcloud"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j45w-7mpq-264c", "refsource": "CONFIRM", "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j45w-7mpq-264c"}, {"name": "https://github.com/nextcloud/spreed/pull/6410", "refsource": "MISC", "url": "https://github.com/nextcloud/spreed/pull/6410"}, {"name": "https://hackerone.com/reports/1358977", "refsource": "MISC", "url": "https://hackerone.com/reports/1358977"}]}, "source": {"advisory": "GHSA-j45w-7mpq-264c", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:29:00.701Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j45w-7mpq-264c"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/nextcloud/spreed/pull/6410"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/1358977"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-22T15:48:27.804292Z", "id": "CVE-2022-24887", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T18:03:04.108Z"}}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24887", "datePublished": "2022-04-27T13:55:11.000Z", "dateReserved": "2022-02-10T00:00:00.000Z", "dateUpdated": "2025-04-22T18:03:04.108Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j45w-7mpq-264c", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/nextcloud/spreed/pull/6410", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://hackerone.com/reports/1358977", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:29:00.701Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-24887", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-22T15:48:27.804292Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T15:48:29.449Z"}}], "cna": {"title": "Open Redirect in Nextcloud Talk", "source": {"advisory": "GHSA-j45w-7mpq-264c", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"status": "affected", "version": "< 11.3.4"}, {"status": "affected", "version": "< 12.2.2"}, {"status": "affected", "version": "< 13.0.0"}]}], "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j45w-7mpq-264c", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/nextcloud/spreed/pull/6410", "tags": ["x_refsource_MISC"]}, {"url": "https://hackerone.com/reports/1358977", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-04-27T13:55:11.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, "source": {"advisory": "GHSA-j45w-7mpq-264c", "discovery": "UNKNOWN"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "< 11.3.4"}, {"version_value": "< 12.2.2"}, {"version_value": "< 13.0.0"}]}, "product_name": "security-advisories"}]}, "vendor_name": "nextcloud"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j45w-7mpq-264c", "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j45w-7mpq-264c", "refsource": "CONFIRM"}, {"url": "https://github.com/nextcloud/spreed/pull/6410", "name": "https://github.com/nextcloud/spreed/pull/6410", "refsource": "MISC"}, {"url": "https://hackerone.com/reports/1358977", "name": "https://hackerone.com/reports/1358977", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-24887", "STATE": "PUBLIC", "TITLE": "Open Redirect in Nextcloud Talk", "ASSIGNER": "security-advisories@github.com"}}}}, "cveMetadata": {"cveId": "CVE-2022-24887", "state": "PUBLISHED", "dateUpdated": "2025-04-22T18:03:04.108Z", "dateReserved": "2022-02-10T00:00:00.000Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2022-04-27T13:55:11.000Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*", "matchCriteriaId": "8934B0ED-43E6-47E0-A87C-D5D9AA93196D", "versionEndExcluding": "11.3.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*", "matchCriteriaId": "28E18DA7-486E-4FBA-B74D-62C8ECAD4DF6", "versionEndExcluding": "12.2.4", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:talk:13.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "349B61E1-4A94-4867-8531-210E0B695849", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:talk:13.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "CCC931BA-0703-4205-B8B4-444162607D18", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:talk:13.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "ED84AFEE-1472-4DBA-A07F-ED3E55F16E30", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:talk:13.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "5ED05D43-44AE-4FCC-B95A-F55B27C27B3B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds."}, {"lang": "es", "value": "Nextcloud Talk es una aplicaci\u00f3n de videoconferencia y audioconferencia para Nextcloud, una plataforma de productividad autoalojada. En versiones anteriores a 11.3.4, 12.2.2 y 13.0.0, cuando era compartida una tarjeta Deck en una conversaci\u00f3n, los metadatos pod\u00edan ser manipulados para que los usuarios pudieran ser enga\u00f1ados para abrir URLs arbitrarias. Este problema ha sido corregido en las versiones 11.3.4, 12.2.2 y 13.0.0. Actualmente no se presentan medidas de mitigaci\u00f3n conocidas"}], "id": "CVE-2022-24887", "lastModified": "2024-11-21T06:51:19.537", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-27T14:15:09.137", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j45w-7mpq-264c"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/nextcloud/spreed/pull/6410"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hackerone.com/reports/1358977"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j45w-7mpq-264c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/nextcloud/spreed/pull/6410"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hackerone.com/reports/1358977"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}