CVE-2021-32676

Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk App is upgraded to 9.0.10, 10.0.8 or 11.2.2. No workarounds for this vulnerability are known to exist.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-06-16 00:15

Updated : 2024-02-28 18:28


NVD link : CVE-2021-32676

Mitre link : CVE-2021-32676

CVE.ORG link : CVE-2021-32676


JSON object : View

Products Affected

nextcloud

  • talk
CWE
CWE-384

Session Fixation