CNNVD-202512-647 Information
CNNVD ID
CNNVD-202512-647
Related CVE
- CNNVD Published: 2025-12-05
Description (Chinese)
Nextcloud Talk是德国Nextcloud公司的一款自托管的本地音频/视频和聊天通信服务。 Nextcloud talk 20.1.8之前版本和21.1.2之前版本存在安全漏洞,该漏洞源于具有聊天权限的参与者可删除他人投票草稿,可能导致数据篡改。
Description (English)
Nextcloud Talk is a self-administered local audio/video and chat communication service of the German company Nextcloud. There is a security loophole in the previous version of Nextcloud talk 20.1.8 and the previous version of 21.1.2, which stems from the fact that participants with chat rights can delete drafts from others and may lead to data manipulation.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
Nextcloud
Published
2025-12-05
Last Modified
2026-02-24
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pr9f-vqgg-m2jh https://github.com/nextcloud/spreed/commit/bd68e80d1dea98d84c1d621c2c681238cf041725 https://github.com/nextcloud/spreed/pull/15532 https://hackerone.com/reports/3247386
Patch
https://nextcloud.com/install/#desktop-talk
Share on: