← Volver a CVEs
CVE-2021-32676
MEDIUM6.5
Descripcion
Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk App is upgraded to 9.0.10, 10.0.8 or 11.2.2. No workarounds for this vulnerability are known to exist.
Detalles CVE
Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado6/16/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
nextcloud:talk
Debilidades (CWE)
CWE-384
Referencias
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-p6h7-84v4-827r(security-advisories@github.com)
https://hackerone.com/reports/1181962(security-advisories@github.com)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-p6h7-84v4-827r(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1181962(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.