
Nextcloud Talk ObjectId in share location can be set to open arbitrary URL or Deeplinks

Nextcloud bugbounty CVE-2021-41180
Christian Angel
It is possible to control the geolocation preview in the Nextcloud Talk app so that it points to a domain or deeplink, which results in an open redirect.

Summary

The Nextcloud Talk app allows a user to share their location via the app. Due to a lack of validation, an attacker can send a crafted request to control the geolocation preview. Once the victim clicks it, they are redirected to the deeplink or URL it points to.

Nextcloud fixed this by adding validation of the geolocation ID.
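
A sketch of the kind of server-side check that closes this class of bug, added here as an example and not Nextcloud's actual patch. It assumes the location share's object ID is meant to be an RFC 5870 `geo:` URI (a strict subset is accepted); the function name `is_valid_geo_object_id` and all sample values are hypothetical.

```python
import re

# Assumption: the shared location's object ID should be an RFC 5870 "geo:" URI
# (WGS-84 latitude,longitude with optional altitude, crs and uncertainty).
_NUM = r"-?\d+(?:\.\d+)?"
_GEO_RE = re.compile(
    rf"geo:(?P<lat>{_NUM}),(?P<lon>{_NUM})(?:,{_NUM})?"
    r"(?:;crs=wgs84)?(?:;u=\d+(?:\.\d+)?)?",
    re.IGNORECASE | re.ASCII,  # ASCII: \d must not match non-Latin digits
)


def is_valid_geo_object_id(object_id) -> bool:
    """Return True only for a well-formed geo: URI with in-range coordinates."""
    if not isinstance(object_id, str) or len(object_id) > 128:
        return False
    # fullmatch anchors both ends, so a leading space, a trailing newline or
    # a suffix such as "@host" is rejected instead of silently ignored.
    m = _GEO_RE.fullmatch(object_id)
    if m is None:
        return False
    lat, lon = float(m["lat"]), float(m["lon"])
    return -90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0


# Constructed sample object IDs (not taken from the report).
SAMPLES = [
    "geo:52.5450511,13.3741463",               # plain coordinates
    "geo:48.2010,16.3695,183;crs=wgs84;u=40",  # altitude + parameters
    "https://example.invalid/",                # web URL instead of geo:
    "exampleapp://open/path",                  # app deeplink scheme
    "geo:52.5,13.3@example.invalid",           # geo: prefix with trailing junk
    "geo:91,13.3",                             # latitude out of range
    " geo:52.5,13.3",                          # leading whitespace
]


def accepted_samples():
    """Return the subset of SAMPLES that passes validation."""
    return [s for s in SAMPLES if is_valid_geo_object_id(s)]


if __name__ == "__main__":
    for s in SAMPLES:
        verdict = "accept" if is_valid_geo_object_id(s) else "reject"
        print(f"{s!r:45} -> {verdict}")
```

Running the check on the server when the share is created, and again in each client before the preview is made clickable, keeps a value that bypassed one layer from reaching a link handler.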

References