Nextcloud talk has a feature called Message Expiration, Chat messages can be expired after a certain time. In order for messages to be removed from the database, the cron jobs need to be executed. However what would be the failover if in some cases the cron did not execute?
Proof of Concept: #
- Create a conversation
- Set the message expiration Go to Settings > Moderation
- Pick anything and using burp intercept the request and set it to 60 or 120 seconds.
- send a message
- wait for the message to expire
- Copy the conversation link and open it to a new tab
References #
- https://hackerone.com/reports/1784310
- https://nvd.nist.gov/vuln/detail/CVE-2023-26041
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j53p-r755-v4jf