Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nextcloud talk allows participants to blindly delete poll drafts of other users by ID
Vulnerability Description
Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Nextcloud Talk 安全漏洞
Vulnerability Description
Nextcloud Talk是德国Nextcloud公司的一款自托管的本地音频/视频和聊天通信服务。 Nextcloud talk 20.1.8之前版本和21.1.2之前版本存在安全漏洞,该漏洞源于具有聊天权限的参与者可删除他人投票草稿,可能导致数据篡改。
CVSS Information
N/A
Vulnerability Type
N/A