Vulnerability Description
Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password-protected shared chats in Talk before versions 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk app be upgraded to 9.0.10, 10.0.8 or 11.2.2. No workarounds for this vulnerability are known to exist.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Talk | < 9.0.10 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-p6h7-8 (Third Party Advisory)
- https://hackerone.com/reports/1181962 (Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2021-32676?
CVE-2021-32676 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie aft...
How severe is CVE-2021-32676?
CVE-2021-32676 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-32676?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Talk.