CVE-2022-24887

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-24887
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24887.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-24887
Aliases
  • GHSA-j45w-7mpq-264c
Published
2022-04-27T13:55:11Z
Modified
2025-11-14T13:04:35.620350Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Open Redirect in Nextcloud Talk
Details

Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds.

Database specific
{
    "cwe_ids": [
        "CWE-601"
    ]
}
References

Affected packages

Git / github.com/nextcloud/spreed

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/spreed
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "11.3.4"
        }
    ]
}
Type
GIT
Repo
https://github.com/nextcloud/spreed
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "12.2.2"
        }
    ]
}
Type
GIT
Repo
https://github.com/nextcloud/spreed
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "13.0.0"
        }
    ]
}

Affected versions

v1.*

v1.0.21
v1.0.22
v1.1
v1.1.2
v1.2

v10.*

v10.0.0-beta.1
v10.0.0-beta.2
v10.0.0-rc.1

v11.*

v11.0.0
v11.0.0-alpha.1
v11.0.0-alpha.2
v11.0.0-alpha.3
v11.0.0-alpha.4
v11.0.0-rc.1
v11.1.0
v11.1.1
v11.1.2
v11.2.0
v11.2.1
v11.2.2
v11.3.0
v11.3.1
v11.3.2
v11.3.3

v12.*

v12.0.0
v12.0.0-alpha.1
v12.0.0-alpha.2
v12.0.0-alpha.3
v12.0.0-alpha.4
v12.0.0-rc.1
v12.1.0
v12.1.1
v12.2.0
v12.2.1

v13.*

v13.0.0-rc.1
v13.0.0-rc.2
v13.0.0-rc.3
v13.0.0-rc.4

v2.*

v2.0.0
v2.9.0
v2.9.1

v3.*

v3.0.0
v3.0.1
v3.99.10
v3.99.11
v3.99.12
v3.99.8

v4.*

v4.0.0
v4.99.5

v5.*

v5.99.10

v6.*

v6.0.0-rc.1
v6.0.0-rc.2

v7.*

v7.0.0-beta.1

v8.*

v8.0.0
v8.0.0-alpha.1
v8.0.0-alpha.2
v8.0.0-alpha.3
v8.0.0-alpha.4
v8.0.0-alpha.5
v8.0.0-alpha.6

v9.*

v9.0.0-beta.1