CVE-2023-22473 LOW

CVE-2023-22473: Passcode bypass on Talk-Android app

Vendor Nextcloud

Product security-advisories

Weakness CWE-284

Published January 9, 2023

Last update March 10, 2025

View on NVD All CVEs

CVSS base score

2.1/10

Attack vector Physical

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2.

Key dates

02Disclosure timeline

January 9, 2023 CVE published

March 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-22473 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

04Related CVE

CVE-2026-39968 TypeBot: Cross-Workspace Credential Theft via Bot-Engine Preview Endpoint CVE-2025-47989 Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability CVE-2026-28230 In SteVe, any authenticated charger can terminate any other charger's active transaction (missing ownership verification on StopTransaction) CVE-2023-1491 Max Secure Anti Virus Plus IoControlCode MaxCryptMon.sys 0x220020 access control CVE-2026-0977 IBM CICS Transaction Gateway for Multiplatforms Information Disclosure