Discover the impact and mitigation strategy for CVE-2021-32676, a session fixation vulnerability in Nextcloud Talk. Learn how to secure your communication service.
Nextcloud Talk is a fully on-premises audio/video and chat communication service. CVE-2021-32676 affects Nextcloud Talk versions before 9.0.10, versions from 10.0.0 up to but not including 10.0.8, and versions from 11.0.0 up to but not including 11.2.2. In affected versions, password-protected shared chats do not rotate the session cookie after a successful authentication event. The recommended mitigation is to upgrade the Nextcloud Talk app to version 9.0.10, 10.0.8, or 11.2.2.
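
The missing cookie rotation described above, as an added example that is not Nextcloud Talk's code: a minimal in-memory model comparing a login handler that keeps the session ID across authentication with one that issues a fresh ID. The class `ShareSessions`, the function `pre_auth_id_still_authenticated` and the password value are hypothetical, constructed for this illustration.

```python
import hmac
import secrets
from typing import Optional

# Hypothetical in-memory model of one password-protected share; not Nextcloud Talk code.
class ShareSessions:
    def __init__(self, share_password: str, rotate_on_auth: bool):
        self._password = share_password.encode()
        self._rotate = rotate_on_auth
        self._sessions = {}  # session id -> {"authenticated": bool}

    def new_session(self) -> str:
        """Issue an unauthenticated session, as on the first visit to the share."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"authenticated": False}
        return sid

    def authenticate(self, sid: str, password: str) -> Optional[str]:
        """Return the session id to use after login, or None on failure."""
        state = self._sessions.get(sid)
        if state is None:
            return None
        if not hmac.compare_digest(password.encode(), self._password):
            return None
        if self._rotate:
            # Hardened path: invalidate the pre-authentication id and move
            # the session state to a freshly generated one.
            del self._sessions[sid]
            sid = secrets.token_urlsafe(32)
            self._sessions[sid] = state
        state["authenticated"] = True
        return sid

    def is_authenticated(self, sid: str) -> bool:
        state = self._sessions.get(sid)
        return state is not None and state["authenticated"]


def pre_auth_id_still_authenticated(rotate_on_auth: bool) -> bool:
    """Regression check: is the id issued before login still valid after login?"""
    store = ShareSessions("constructed-password", rotate_on_auth)
    pre_auth_sid = store.new_session()
    post_auth_sid = store.authenticate(pre_auth_sid, "constructed-password")
    assert post_auth_sid is not None and store.is_authenticated(post_auth_sid)
    return store.is_authenticated(pre_auth_sid)


if __name__ == "__main__":
    print("no rotation:", pre_auth_id_still_authenticated(False))
    print("rotation:   ", pre_auth_id_still_authenticated(True))
```

The same check works as a regression test against a real deployment: record the session cookie before submitting the share password and confirm that the value has changed afterwards.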