{"id":"CVE-2023-22473","summary":"Passcode bypass on Talk-Android app","details":"Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2. \n","aliases":["GHSA-wvr4-gc4c-6vmx"],"modified":"2026-04-16T04:10:50.058461Z","published":"2023-01-09T14:07:14.923Z","database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-284"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/22xxx/CVE-2023-22473.json"},"references":[{"type":"WEB","url":"https://hackerone.com/reports/1784645"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/22xxx/CVE-2023-22473.json"},{"type":"ADVISORY","url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wvr4-gc4c-6vmx"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22473"},{"type":"FIX","url":"https://github.com/nextcloud/talk-android/pull/2598"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nextcloud/talk-android","events":[{"introduced":"0"},{"fixed":"a5f4796850352d19f3d9c31026b970da5ace5bca"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"15.0.2"}],"cpe":"cpe:2.3:a:nextcloud:talk:*:*:*:*:*:android:*:*"}}],"versions":["alpha-","alpha-110000002","alpha-110000004","alpha-110000005","alpha-110000006","alpha-120000002","alpha-120000003","alpha-120000004","alpha-120000005","alpha-120000006","alpha-120000007","alpha-120000008","alpha-120000013","alpha-120000014","alpha-120000015","alpha-120000016","alpha-120020002","alpha-120020003","alpha-120020004","alpha-120020005","alpha-120020006","alpha-120020007","alpha-120030002","alpha-120030003","alpha-120030004","alpha-120030005","alpha-120030006","alpha-120030007","alpha-120030008","alpha-120030009","alpha-120030010","alpha-120030011","alpha-120030012","alpha-120030013","alpha-120030014","alpha-130000002","alpha-130010002","alpha-130010003","alpha-130010004","alpha-130010005","alpha-130010006","alpha-130010007","alpha-130010008","alpha-130010009","alpha-130010010","alpha-130010011","alpha-130010012","alpha-130010013","alpha-130010014","alpha-130010015","alpha-130010016","alpha-130010017","alpha-130010018","alpha-140010002","alpha-140010003","alpha-140010004","alpha-140010005","alpha-140010006","alpha-140010007","alpha-140010008","alpha-140010009","alpha-140010010","alpha-140010011","alpha-140010012","alpha-140020002","alpha-140020003","alpha-140020004","alpha-140020005","alpha-140020006","alpha-150000002","alpha-150000003","alpha-150000004","alpha-150000005","alpha-150000006","v0.1.0","v0.1.1","v0.1.2","v0.2.0","v1.0","v1.0.1","v1.0.10","v1.0.11","v1.0.12","v1.0.13","v1.0.14","v1.0.2","v1.0.3","v1.0.4","v1.0.5","v1.0.6","v1.0.7","v1.0.8","v1.0.9","v1.1.0","v1.1.0beta1","v1.1.0beta2","v1.1.0beta3","v1.1.0beta4","v1.1.1","v1.2.0beta1","v1.2.0beta2","v1.2.0beta3","v11.0.0","v15.0.0","v15.0.0rc1","v15.0.0rc2","v15.0.0rc3","v15.0.0rc4","v15.0.0rc5","v15.0.1","v15.0.2rc1","v2.0.0","v2.0.0beta4","v2.0.0beta5","v2.1.0","v2.1.0beta1","v2.1.0beta2","v2.1.0beta3","v2.1.0beta4","v2.1.0beta5","v3.0.0","v3.0.0beta1","v3.0.0beta10","v3.0.0beta3","v3.0.0beta4","v3.0.0beta5","v3.0.0beta6","v3.0.0beta7","v3.0.0beta8","v3.0.1","v3.1.0","v3.1.0beta1","v3.1.0beta2","v3.1.0beta3","v3.1.0beta4","v3.1.0beta5","v3.1.0beta6","v3.2.0beta1","v3.2.0beta2","v3.2.0beta3","v3.2.0beta4","v3.2.0beta5","v3.3.0beta1","v3.3.0beta2","v3.3.0beta3","v6.0.0","v6.0.0beta1","v6.0.0beta2","v6.0.0beta3","v6.0.0beta4","v6.0.1","v6.0.2","v6.0.6-internal","v6.0.6internal","v6.0.7beta","v6.1.0","v7.0.0","v7.0.0beta1","v7.0.0beta2","v7.0.0beta3","v7.0.0beta4","v7.0.0beta5","v7.0.1","v7.0.2","v7.0.3","v7.0.4","v7.0.5","v7.0.6","v7.0.7","v7.0.8","v8.0.0","v8.0.0beta1","v8.0.0beta2","v8.0.0beta3","v8.0.0beta4","v8.0.1","v8.0.10","v8.0.2","v8.0.3","v8.0.4","v8.0.5","v8.0.6","v8.0.7","v8.0.8","v8.0.9","v8.1.0","v8.1.0rc1","v8.2.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-22473.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}]}