CVE-2021-32676

Summary

Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk App is upgraded to 9.0.10, 10.0.8 or 11.2.2. No workarounds for this vulnerability are known to exist.

Affected Software

VendorProductVersion RangeStatus
nextcloudsecurity-advisories< 9.0.10affected
nextcloudsecurity-advisories>= 10.0.0, < 10.0.8affected
nextcloudsecurity-advisories>= 11.0.0, < 11.2.2affected

Weaknesses

  • CWE-384: CWE-384: Session Fixation

ADP Enrichment

CVE Program Container

Additional References

References