VYPR
Unrated severityNVD Advisory· Published Jun 16, 2021· Updated Aug 3, 2024

Session Fixation in Nextcloud Talk

CVE-2021-32676

Description

Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk App is upgraded to 9.0.10, 10.0.8 or 11.2.2. No workarounds for this vulnerability are known to exist.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Drupal/Talkllm-fuzzy
    Range: >=9.0.0,<9.0.10 || >=10.0.0,<10.0.8 || >=11.2.0,<11.2.2
  • nextcloud/security-advisoriesv5
    Range: < 9.0.10

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.