Code injection possible with malformed Nextcloud Talk chat commands (NC-SA-2020-021)
20th April 2020
Risk level: Low
CVSS v3 Base Score: 8 (AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)
HackerOne report: 851807
A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator.
- Nextcloud Talk < 8.0.8 (CVE-2020-8180)
- Nextcloud Talk < 7.0.3 (CVE-2020-8180)
- Nextcloud Talk < 6.0.5 (CVE-2020-8180)
The error has been fixed.
It is recommended that the Nextcloud Talk is upgraded to 8.0.8.
The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Spectre - Vulnerability discovery and disclosure.
This advisory is licensed CC BY-SA 4.0.