Upstream information

CVE-2023-26041 at MITRE


Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that the Nextcloud Talk is upgraded to 15.0.3. There are no workaround available.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v3 Scores
  National Vulnerability Database
Base Score 2.6
Vector CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality Impact Low
Integrity Impact None
Availability Impact None
CVSSv3 Version 3.1
SUSE Bugzilla entry: 1209992 [NEW]

No SUSE Security Announcements cross referenced.

SUSE Timeline for this CVE

CVE page created: Mon Feb 27 23:00:52 2023
CVE page last modified: Wed Apr 19 12:18:19 2023