CVE-2022-24890

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-24890
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24890.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-24890
Aliases
  • GHSA-vxpr-hcqq-7fw7
Published
2022-05-17T19:00:15Z
Modified
2025-11-28T03:37:34.448014Z
Severity
  • 2.4 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Exposure of Private Personal Information to an Unauthorized Actor in Nextcloud Talk
Details

Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There are currently no known workarounds.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24890.json",
    "cwe_ids": [
        "CWE-200",
        "CWE-359"
    ]
}
References

Affected packages

Git / github.com/nextcloud/spreed

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/spreed
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d8de526cf296af13382a13699b5a297f29f7b65e

Affected versions

v1.*

v1.0.21
v1.0.22
v1.1
v1.1.2
v1.2

v10.*

v10.0.0-beta.1
v10.0.0-beta.2
v10.0.0-rc.1

v11.*

v11.0.0-alpha.1
v11.0.0-alpha.2
v11.0.0-alpha.3
v11.0.0-alpha.4

v12.*

v12.0.0-alpha.1
v12.0.0-alpha.2
v12.0.0-alpha.3

v13.*

v13.0.0
v13.0.0-rc.1
v13.0.0-rc.2
v13.0.0-rc.3
v13.0.0-rc.4
v13.0.1
v13.0.1.1
v13.0.2
v13.0.3
v13.0.4

v2.*

v2.0.0
v2.9.0
v2.9.1

v3.*

v3.0.0
v3.0.1
v3.99.10
v3.99.11
v3.99.12
v3.99.8

v4.*

v4.0.0
v4.99.5

v5.*

v5.99.10

v6.*

v6.0.0-rc.1
v6.0.0-rc.2

v7.*

v7.0.0-beta.1

v8.*

v8.0.0
v8.0.0-alpha.1
v8.0.0-alpha.2
v8.0.0-alpha.3
v8.0.0-alpha.4
v8.0.0-alpha.5
v8.0.0-alpha.6

v9.*

v9.0.0-beta.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24890.json"