Skip to main content
  1. Posts/

Nextcloud Talk ObjectId in share location can be set to open arbitrary URL or Deeplinks

·1 min
Nextcloud bugbounty CVE-2021-41180
It is possible to control the geolocation preview in the Nextcloud Talk app to point to a domain or deeplink which results to open-redirect.

Summary #

The nextcloud Talk app allows a User to share their location via app. Due to lack of validation an attacker can send a crafted request to control the geolocation preview. Once clicked by the victim it will redirect them to the pointed deeplink or URL.

Nextcloud was able to fix this by adding a validation to Geo Location ID.

References #