CVE-2021-32676

Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk App is upgraded to 9.0.10, 10.0.8 or 11.2.2. No workarounds for this vulnerability are known to exist.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:07

Type Values Removed Values Added
References () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-p6h7-84v4-827r - Third Party Advisory () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-p6h7-84v4-827r - Third Party Advisory
References () https://hackerone.com/reports/1181962 - Issue Tracking, Third Party Advisory () https://hackerone.com/reports/1181962 - Issue Tracking, Third Party Advisory

Information

Published : 2021-06-16 00:15

Updated : 2024-11-21 06:07


NVD link : CVE-2021-32676

Mitre link : CVE-2021-32676

CVE.ORG link : CVE-2021-32676


JSON object : View

Products Affected

nextcloud

  • talk
CWE
CWE-384

Session Fixation