{"id":"CVE-2022-24890","summary":"Exposure of Private Personal Information to an Unauthorized Actor in Nextcloud Talk","details":"Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There are currently no known workarounds.","aliases":["GHSA-vxpr-hcqq-7fw7"],"modified":"2026-04-10T04:45:39.010326Z","published":"2022-05-17T19:00:15Z","database_specific":{"cwe_ids":["CWE-200","CWE-359"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24890.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24890.json"},{"type":"ADVISORY","url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vxpr-hcqq-7fw7"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24890"},{"type":"REPORT","url":"https://github.com/nextcloud/spreed/issues/7048"},{"type":"FIX","url":"https://github.com/nextcloud/spreed/pull/7034"},{"type":"FIX","url":"https://github.com/nextcloud/spreed/pull/7092"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nextcloud/spreed","events":[{"introduced":"0"},{"fixed":"d8de526cf296af13382a13699b5a297f29f7b65e"}]}],"versions":["v1.0.21","v1.0.22","v1.1.2","v1.2","v10.0.0-beta.1","v10.0.0-beta.2","v10.0.0-rc.1","v11.0.0-alpha.1","v11.0.0-alpha.2","v11.0.0-alpha.3","v11.0.0-alpha.4","v12.0.0-alpha.1","v12.0.0-alpha.2","v12.0.0-alpha.3","v13.0.0","v13.0.0-rc.1","v13.0.0-rc.2","v13.0.0-rc.3","v13.0.0-rc.4","v13.0.1","v13.0.1.1","v13.0.2","v13.0.3","v13.0.4","v2.0.0","v2.9.0","v2.9.1","v3.0.0","v3.0.1","v3.99.10","v3.99.11","v3.99.12","v3.99.8","v4.0.0","v4.99.5","v5.99.10","v6.0.0-rc.1","v6.0.0-rc.2","v7.0.0-beta.1","v8.0.0","v8.0.0-alpha.1","v8.0.0-alpha.2","v8.0.0-alpha.3","v8.0.0-alpha.4","v8.0.0-alpha.5","v8.0.0-alpha.6","v9.0.0-beta.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24890.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/nextcloud/talk-android","events":[{"introduced":"0"},{"last_affected":"b2d10e65d516e1a8e02dffc84bf811f9bce77b66"},{"introduced":"0"},{"last_affected":"0a7cb1c8052048fc0b771ba8d15a4f2b927e1182"},{"introduced":"0"},{"last_affected":"57d05cfee1daaf35a914c18378e971fe2f72fe40"},{"introduced":"0"},{"last_affected":"007f6c6e0f8635564e47065264ab61c6e94ed429"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"14.0.0-rc1"},{"introduced":"0"},{"last_affected":"14.0.0-rc2"},{"introduced":"0"},{"last_affected":"14.0.0-rc3"},{"introduced":"0"},{"last_affected":"14.0.0-rc4"}]}}],"versions":["alpha-","alpha-110000002","alpha-110000004","alpha-110000005","alpha-110000006","alpha-120000002","alpha-120000003","alpha-120000004","alpha-120000005","alpha-120000006","alpha-120000007","alpha-120000008","alpha-120000013","alpha-120000014","alpha-120000015","alpha-120000016","alpha-120020002","alpha-120020003","alpha-120020004","alpha-120020005","alpha-120020006","alpha-120020007","alpha-120030002","alpha-120030003","alpha-120030004","alpha-120030005","alpha-120030006","alpha-120030007","alpha-120030008","alpha-120030009","alpha-120030010","alpha-120030011","alpha-120030012","alpha-120030013","alpha-120030014","alpha-130000002","alpha-130010002","alpha-130010003","alpha-130010004","alpha-130010005","alpha-130010006","alpha-130010007","alpha-130010008","alpha-130010009","alpha-130010010","alpha-130010011","alpha-130010012","alpha-130010013","alpha-130010014","alpha-130010015","alpha-130010016","alpha-130010017","alpha-130010018","alpha-140010002","alpha-140010003","v0.1.0","v0.1.1","v0.1.2","v0.2.0","v1.0","v1.0.1","v1.0.10","v1.0.11","v1.0.12","v1.0.13","v1.0.14","v1.0.2","v1.0.3","v1.0.4","v1.0.5","v1.0.6","v1.0.7","v1.0.8","v1.0.9","v1.1.0","v1.1.0beta1","v1.1.0beta2","v1.1.0beta3","v1.1.0beta4","v1.1.1","v1.2.0beta1","v1.2.0beta2","v1.2.0beta3","v11.0.0","v14.0.0rc1","v14.0.0rc2","v14.0.0rc3","v14.0.0rc4","v2.0.0","v2.0.0beta4","v2.0.0beta5","v2.1.0","v2.1.0beta1","v2.1.0beta2","v2.1.0beta3","v2.1.0beta4","v2.1.0beta5","v3.0.0","v3.0.0beta1","v3.0.0beta10","v3.0.0beta3","v3.0.0beta4","v3.0.0beta5","v3.0.0beta6","v3.0.0beta7","v3.0.0beta8","v3.0.1","v3.1.0","v3.1.0beta1","v3.1.0beta2","v3.1.0beta3","v3.1.0beta4","v3.1.0beta5","v3.1.0beta6","v3.2.0beta1","v3.2.0beta2","v3.2.0beta3","v3.2.0beta4","v3.2.0beta5","v3.3.0beta1","v3.3.0beta2","v3.3.0beta3","v6.0.0","v6.0.0beta1","v6.0.0beta2","v6.0.0beta3","v6.0.0beta4","v6.0.1","v6.0.2","v6.0.6-internal","v6.0.6internal","v6.0.7beta","v6.1.0","v7.0.0","v7.0.0beta1","v7.0.0beta2","v7.0.0beta3","v7.0.0beta4","v7.0.0beta5","v7.0.1","v7.0.2","v7.0.3","v7.0.4","v7.0.5","v7.0.6","v7.0.7","v7.0.8","v8.0.0","v8.0.0beta1","v8.0.0beta2","v8.0.0beta3","v8.0.0beta4","v8.0.1","v8.0.10","v8.0.2","v8.0.3","v8.0.4","v8.0.5","v8.0.6","v8.0.7","v8.0.8","v8.0.9","v8.1.0","v8.1.0rc1","v8.2.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24890.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N"}]}