CVE-2022-24890: Connection can not be established without camera permission · Issue #7048 · nextcloud/spreed
Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable a user's webcam by granting permissions, if the webcam was enabled before the permissions were removed. A patch is available in versions 13.0.5 and 14.0.0. There are currently no known workarounds.
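The sequence in the description above, modelled as an added example (this is not Nextcloud Talk's code or its actual patch). The class, method and permission names are hypothetical, and the reset-on-revoke branch is one assumed way to avoid the stale state, shown beside the behaviour that keeps it.

```javascript
// Simplified model of a call participant's camera state (constructed for
// illustration; class and method names are hypothetical, not Talk's code).
const PERMISSION_VIDEO = 'publish-video'; // hypothetical permission label

class Participant {
  constructor({ resetOnRevoke }) {
    this.resetOnRevoke = resetOnRevoke; // true = hardened behaviour
    this.permissions = new Set([PERMISSION_VIDEO]);
    this.cameraWanted = false; // what the user last chose in the UI
  }

  // Only the user's own action may turn the camera on.
  userSetCamera(on) {
    this.cameraWanted = on && this.permissions.has(PERMISSION_VIDEO);
  }

  // Moderator action: change the participant's video permission.
  moderatorSetVideoPermission(granted) {
    if (granted) {
      this.permissions.add(PERMISSION_VIDEO);
    } else {
      this.permissions.delete(PERMISSION_VIDEO);
      // Hardened: revocation also clears the stored choice, so a later
      // grant cannot revive a camera the user has not re-enabled.
      if (this.resetOnRevoke) this.cameraWanted = false;
    }
  }

  // Video is sent only when the user wants it and is permitted.
  isSendingVideo() {
    return this.cameraWanted && this.permissions.has(PERMISSION_VIDEO);
  }
}

// Replays the sequence from the advisory: camera on, revoke, grant again.
function cameraLiveAfterRegrant(resetOnRevoke) {
  const user = new Participant({ resetOnRevoke });
  user.userSetCamera(true);
  user.moderatorSetVideoPermission(false);
  const liveWhileRevoked = user.isSendingVideo();
  user.moderatorSetVideoPermission(true);
  return { liveWhileRevoked, liveAfterRegrant: user.isSendingVideo() };
}

console.log('stale state kept:', cameraLiveAfterRegrant(false));
console.log('reset on revoke :', cameraLiveAfterRegrant(true));
```

The same replayed sequence works as a regression check: after a revoke followed by a grant, the camera must stay off until the user turns it on again.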
Steps to reproduce
- As user A, create a room with group 1 that user B is a member of
- As user A, set custom permissions for user B; the only change is removing the camera permission
- As user A start a call
- As user B try to join the call
Expected behaviour
User B can join and talk
Actual behaviour
User B is disconnecting and connecting all the time
Talk app
Talk app version: master
Custom Signaling server configured: no
Custom TURN server configured: no
Custom STUN server configured: no
Browser
Microphone available: yes - using fake stream
Camera available: yes - using fake stream
Operating system: Ubuntu
Browser name: Firefox
Browser version: 96
Browser log