漏洞标题
在尝试加入受密码保护的Nextcloud Talk对话时 missing rate limit
漏洞描述信息
尝试加入受密码保护的Nextcloud Talk对话时,缺少速率限制
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
漏洞类别
N/A
漏洞标题
Missing rate limit when trying to join a password protected Nextcloud Talk conversation
漏洞描述信息
Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application is upgraded to 12.2.7, 13.0.7 or 14.0.3. There are currently no known workarounds available apart from not having password protected conversations.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
漏洞类别
侵犯隐私
漏洞标题
Nextcloud Talk 安全漏洞
漏洞描述信息
Nextcloud Talk是德国Nextcloud公司的一款自托管的本地音频/视频和聊天通信服务。 Nextcloud Talk 12.2.7之前版本、13.0.7之前版本、14.0.3之前版本存在安全漏洞。攻击者利用该漏洞泄露敏感信息。
CVSS信息
N/A
漏洞类别
其他