CVE-2023-45149

Name: CVE-2023-45149
Creator: NVD / NIST
Published: 2023-10-16T20:15:15.287+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.3/10EPSS 0.48%

Last modified Jun 17, 2026

CVE-2023-45149 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. EPSS estimates a 0.48% chance of exploitation in the next 30 days.

Description

Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is recommended that the Nextcloud Talk app is upgraded to 15.0.8, 16.0.6 or 17.1.1. There are no known workarounds for this vulnerability.

Metrics

CVSS 3.1

4.3/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Probability

0.48%

37.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-307

Affected Software

Vendor	Product	Versions
Nextcloud	Talk	>= 15.0.0, < 15.0.8
Nextcloud	Talk	>= 16.0.0, < 16.0.6
Nextcloud	Talk	>= 17.0.0, < 17.1.1

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7rf8-pqmj-rpqvVendor Advisory
https://github.com/nextcloud/spreed/pull/10545Issue Tracking, Patch
https://hackerone.com/reports/2094473Permissions Required
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7rf8-pqmj-rpqvVendor Advisory
https://github.com/nextcloud/spreed/pull/10545Issue Tracking, Patch
https://hackerone.com/reports/2094473Permissions Required

Timeline

Published: Oct 16, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-45149?

How severe is CVE-2023-45149?

CVE-2023-45149 has a CVSS score of 4.3/10 (MEDIUM severity). The EPSS model estimates a 0.48% probability of exploitation in the next 30 days.

How do I fix CVE-2023-45149?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-45149?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST