PT-2021-19849 · Nextcloud · Nextcloud Talk

Rtod

Published

2021-06-16

Updated

2021-06-23

CVE-2021-32676

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Talk versions prior to 9.0.10 Nextcloud Talk versions prior to 10.0.8 Nextcloud Talk versions prior to 11.2.2

Description Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk did not rotate the session cookie after a successful authentication event.

Recommendations For versions prior to 9.0.10, upgrade to version 9.0.10. For versions prior to 10.0.8, upgrade to version 10.0.8. For versions prior to 11.2.2, upgrade to version 11.2.2.

Fix

Session Fixation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-384

Related Identifiers

CVE-2021-32676

GHSA-P6H7-84V4-827R

Affected Products

Nextcloud Talk

PT-2021-19849 · Nextcloud · Nextcloud Talk

CVE-2021-32676

Weakness Enumeration

Related Identifiers

Affected Products

References · 5