{"id":"CVE-2021-32676","details":"Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk App is upgraded to 9.0.10, 10.0.8 or 11.2.2. No workarounds for this vulnerability are known to exist.","modified":"2026-04-10T04:33:50.789686Z","published":"2021-06-16T00:15:07.793Z","related":["GHSA-p6h7-84v4-827r"],"references":[{"type":"ADVISORY","url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-p6h7-84v4-827r"},{"type":"REPORT","url":"https://hackerone.com/reports/1181962"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nextcloud/spreed","events":[{"introduced":"0"},{"fixed":"f8056c61469400eb16094902d268fb93575ce8de"},{"introduced":"350a4aa19edd198a8e0f658e7885082e5825349d"},{"fixed":"7162764f2f29564aae156c8a789ada9ad0c72c77"},{"introduced":"254c9207b349c6b95f80c7e8c707a7a9a288ea07"},{"fixed":"1d3c90d7121cd06c6a4c7bd23729eac9fbf595f5"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"9.0.10"},{"introduced":"10.0.0"},{"fixed":"10.0.8"},{"introduced":"11.2.0"},{"fixed":"11.2.2"}]}}],"versions":["v1.0.21","v1.0.22","v1.1.2","v1.2","v10.0.0","v10.0.0-beta.1","v10.0.0-beta.2","v10.0.0-rc.1","v10.0.1","v10.0.2","v10.0.3","v10.0.4","v10.0.5","v10.0.6","v10.0.7","v11.0.0","v11.0.0-alpha.1","v11.0.0-alpha.2","v11.0.0-alpha.3","v11.0.0-alpha.4","v11.0.0-rc.1","v11.1.1","v11.1.2","v2.0.0","v2.9.0","v2.9.1","v3.0.0","v3.0.1","v3.99.10","v3.99.11","v3.99.12","v3.99.8","v4.0.0","v4.99.5","v5.99.10","v6.0.0-rc.1","v6.0.0-rc.2","v7.0.0-beta.1","v8.0.0","v8.0.0-alpha.1","v8.0.0-alpha.2","v8.0.0-alpha.3","v8.0.0-alpha.4","v8.0.0-alpha.5","v8.0.0-alpha.6","v9.0.0","v9.0.0-beta.1","v9.0.0-rc.1","v9.0.1","v9.0.2","v9.0.3","v9.0.4","v9.0.5","v9.0.6","v9.0.7","v9.0.8","v9.0.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32676.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}