Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Last video frame is still sent after video is disabled in a call in Nextcloud Talk
Vulnerability Description
Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform. In affected versions an attacker could see the last video frame of any participant who has video disabled but a camera selected. It is recommended that the Nextcloud Talk app is upgraded to 13.0.8 or 14.0.4. Users unable to upgrade should select "None" as camera before joining the call.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Nextcloud Talk 信息泄露漏洞
Vulnerability Description
Nextcloud Talk是德国Nextcloud公司的一款自托管的本地音频/视频和聊天通信服务。 Nextcloud Talk 13.0.8之前版本和14.0.4之前版本存在信息泄露漏洞,该漏洞源于存在信息泄露问题,攻击者可以看到任何已禁用视频但选择了摄像头的参与者的最后一个视频帧。
CVSS Information
N/A
Vulnerability Type
N/A