Nextcloud Talk is a popular open-source communication platform providing video and audio calls on Android. However, a security vulnerability discovered in Nextcloud Talk Android app versions before 17.. allows malicious third-party applications to exploit the app and write files outside of its intended cache directory. In this post, we discuss the details of this vulnerability (CVE-2023-39957) and provide information on patches and relevant references.

Details of CVE-2023-39957

The vulnerability, referred to as CVE-2023-39957, is found in the Nextcloud Talk Android app versions before 17... The root of this issue lies in an unprotected intent, which could be manipulated by malicious third-party apps. By exploiting this vulnerability, an attacker could trick the Nextcloud Talk Android app into writing files outside of its designated cache directory.

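Here is a code snippet demonstrating how a third-party app could exploit this vulnerability:

import android.content.Intent;

// Called from a component of the third-party app (sendBroadcast is a Context method).
Intent maliciousIntent = new Intent();
// Action handled by the unprotected component in the Talk app.
maliciousIntent.setAction("com.nextcloud.talk.intent.action.EXPORT_PROFILE_PICTURE");
maliciousIntent.putExtra("USER_ID", 1);
// Caller-controlled destination outside the app's cache directory.
maliciousIntent.putExtra("TARGET_FOLDER", "/sdcard/Download/");
sendBroadcast(maliciousIntent);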

In this example, the attacker creates a malicious intent, sets the action to export the profile picture, specifies the user, and sets the target folder to the Download directory on the device. This makes the Nextcloud Talk Android app write files to a directory that it should not write to.

Patch and Workarounds

Nextcloud has released a patch for this vulnerability in version 17.. of the Talk Android app. Users are encouraged to update to the latest version to avoid any security risks. No known workarounds are available for this vulnerability.
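A receiving-side containment check for the failure described above, shown as an added example; it is not Nextcloud's patch and not code from the original post. `CacheWriteGuard` and `resolveInsideCache` are hypothetical names, the sample paths are constructed, and a temporary directory stands in for the directory returned by `Context.getCacheDir()`.

```java
import java.io.File;
import java.io.IOException;

// Added example: a generic path containment check, not the Nextcloud Talk fix.
public class CacheWriteGuard {

    /**
     * Resolves an untrusted, caller-supplied relative path against cacheDir and
     * returns the canonical target only if it stays inside cacheDir.
     */
    static File resolveInsideCache(File cacheDir, String untrustedPath) throws IOException {
        if (untrustedPath == null || untrustedPath.isEmpty()) {
            throw new SecurityException("empty path");
        }
        // Absolute paths are never acceptable as a destination chosen by another app.
        if (new File(untrustedPath).isAbsolute()) {
            throw new SecurityException("absolute path not allowed: " + untrustedPath);
        }
        File base = cacheDir.getCanonicalFile();
        // Canonicalisation collapses ".." segments and resolves existing symlinks.
        File target = new File(base, untrustedPath).getCanonicalFile();
        // Trailing separator so a sibling such as "cache-evil" does not match "cache".
        String prefix = base.getPath() + File.separator;
        if (!target.getPath().startsWith(prefix)) {
            throw new SecurityException("path escapes cache directory: " + untrustedPath);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for the app's cache directory.
        File cacheDir = new File(System.getProperty("java.io.tmpdir"), "talk-cache-demo");
        cacheDir.mkdirs();
        // Constructed sample inputs: two legitimate names, three escape attempts.
        String[] samples = {
            "avatar_1.png",
            "pictures/avatar_1.png",
            "../../sdcard/Download/avatar_1.png",
            "/sdcard/Download/avatar_1.png",
            "../talk-cache-demo-evil/avatar_1.png",
        };
        for (String s : samples) {
            try {
                System.out.println("ALLOW  " + s + " -> " + resolveInsideCache(cacheDir, s));
            } catch (SecurityException e) {
                System.out.println("REJECT " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check only constrains where a write may land; a component that has no reason to receive intents from other apps should also not be exported in the manifest.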

References

- CVE Details Page: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39957
- Nextcloud Security Advisory: https://nextcloud.com/security/advisory/?id=NC-SA-2023-009
- Original GitHub Report: https://github.com/nextcloud/talk-android/issues/1423
- Nextcloud Talk Android App on Google Play Store: https://play.google.com/store/apps/details?id=com.nextcloud.talk2

Conclusion

CVE-2023-39957 is a critical security vulnerability impacting the Nextcloud Talk Android app versions prior to 17... The exploit allows malicious third-party apps to manipulate the app into writing files outside of its intended cache directory. Users are advised to update their Nextcloud Talk Android app to the latest version to safeguard themselves against potential attacks. Stay tuned for more updates and security advisories related to this issue.

Timeline

Published on: 08/10/2023 16:15:00 UTC
Last modified on: 08/16/2023 19:57:00 UTC