CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Nextcloud talk is a self hosting messaging service. In versions prior 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user interaction. This only affected users of the Android Talk client. It is recommended that the Nextcloud Talk App is upgraded to 12.1.2. There are no known workarounds.


**Impact**

An attacker is able to control the link of a geolocation preview in the Nextcloud Talk application. This could result in an open-redirect, but required user interaction. This only affected users of the Android Talk client.

**Patches**

It is recommended that the Nextcloud Talk App is upgraded to 12.1.2.

**Workarounds**

None.

**References**

*   HackerOne
*   Pull Request

**For more information**

If you have any questions or comments about this advisory:

*   Create a post in nextcloud/security-advisories
*   Customers: Open a support ticket at support.nextcloud.com

Headline

CVE-2021-41180: Build software better, together

CVE: Latest News