Code injection possible with malformed Nextcloud Talk chat commands (NC-SA-2020-021)
20th April 2020
Risk level: Low
CVSS v3 Base Score: 8 (AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)
HackerOne report: 851807
Description
A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator.
Affected Software
- Nextcloud Talk < 8.0.8 (CVE-2020-8180)
- Nextcloud Talk < 7.0.3 (CVE-2020-8180)
- Nextcloud Talk < 6.0.5 (CVE-2020-8180)
Action Taken
The error has been fixed.
Resolution
It is recommended that the Nextcloud Talk is upgraded to 8.0.8.
Acknowledgements
The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Spectre - Vulnerability discovery and disclosure.
This advisory is licensed CC BY-SA 4.0.