CVE-2023-39957— Path traversal allows tricking the Talk Android app into writing files into it's root directory
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-39957
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path traversal allows tricking the Talk Android app into writing files into it's root directory
Source: NVD (National Vulnerability Database)
Vulnerability Description
Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intend allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android version 17.0.0 has a patch for this issue. No known workarounds are available.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Nextcloud Talk 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Nextcloud Talk是德国Nextcloud公司的一款自托管的本地音频/视频和聊天通信服务。 Nextcloud Talk 17.0.0之前版本存在路径遍历漏洞。攻击者利用该漏洞在其预期缓存目录之外写入文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| nextcloud | security-advisories | < 17.0.0 | - |
II. Public POCs for CVE-2023-39957
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-39957
请登录查看更多情报信息。
- https://hackerone.com/reports/1997029x_refsource_MISC
- https://github.com/nextcloud/talk-android/pull/3064x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2023-39957
Same Patch Batch · nextcloud · 2023-08-10 · 10 CVEs total
| CVE-2023-39963 | 8.1 HIGH | Missing password confirmation when creating app passwords |
| CVE-2023-39962 | 7.7 HIGH | Users can delete external storage mount points |
| CVE-2023-39952 | 6.5 MEDIUM | Advanced permissions not respected when copying entire group folders |
| CVE-2023-39958 | 5.8 MEDIUM | Missing brute force protection on password reset token OAuth2 API controller |
| CVE-2023-39953 | 4.8 MEDIUM | Issuer not verified from obtained token in user_oidc |
| CVE-2023-39954 | 3.8 LOW | user_oidc app stores client secret unencrypted in database |
| CVE-2023-39955 | 3.5 LOW | Notes attachment render HTML in preview mode |
| CVE-2023-39959 | 3.5 LOW | Existence of calendars and address books can be checked by unauthenticated users |
| CVE-2023-39961 | 3.5 LOW | Text does not respect "Allow download" permissions |
IV. Related Vulnerabilities
Same product: security-advisories
- CVE-2026-28272
Kiteworks Email Protection Gateway has a Cross-site Scriptin - CVE-2026-28271
Kiteworks Core is vulnerable to Server-Side Request Forgery - CVE-2026-28270
Kiteworks Core has an Unrestricted Upload of File with Dange - CVE-2026-28269
Kiteworks Core has an OS Command Injection - CVE-2025-66558
Nextcloud Twofactor WebAuthn app was updated based on public
Same vendor: nextcloud
- CVE-2025-66558
Nextcloud Twofactor WebAuthn app was updated based on public - CVE-2025-66556
Nextcloud talk allows participants to blindly delete poll dr - CVE-2025-66554
Nextcloud Contacts vulnerable to Stored XSS in contacts app - CVE-2025-66549
Nextcloud Desktop discloses information when attempting to l - CVE-2025-66545
Nextcloud Groupfolders users with read-only permissions for
Same weakness: CWE-22
- CVE-2026-8274
npitre cramfs-tools Directory cramfsck.c do_directory path t - CVE-2022-50956
WordPress Plugin amministrazione-aperta 3.7.3 Local File Rea - CVE-2026-8215
Industrial Application Software IAS Canias ERP RMI iasReques - CVE-2026-42605
AzuraCast: Path Traversal in `currentDirectory` Parameter En - CVE-2026-42574
apko dirFS has a symlink-following path traversal that allow
V. Comments for CVE-2023-39957
No comments yet