Unrated severityNVD Advisory· Published Jun 16, 2021· Updated Aug 3, 2024
Session Fixation in Nextcloud Talk
CVE-2021-32676
Description
Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk App is upgraded to 9.0.10, 10.0.8 or 11.2.2. No workarounds for this vulnerability are known to exist.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- nextcloud/security-advisoriesv5Range: < 9.0.10
Patches
Vulnerability mechanics
References
2- github.com/nextcloud/security-advisories/security/advisories/GHSA-p6h7-84v4-827rmitrex_refsource_CONFIRM
- hackerone.com/reports/1181962mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.