{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "9.0.10" }, { "introduced": "10.0.0" }, { "fixed": "10.0.8" }, { "introduced": "11.2.0" }, { "fixed": "11.2.2" } ] }, "events": [ { "introduced": "0" }, { "fixed": "f8056c61469400eb16094902d268fb93575ce8de" }, { "introduced": "350a4aa19edd198a8e0f658e7885082e5825349d" }, { "fixed": "7162764f2f29564aae156c8a789ada9ad0c72c77" }, { "introduced": "254c9207b349c6b95f80c7e8c707a7a9a288ea07" }, { "fixed": "1d3c90d7121cd06c6a4c7bd23729eac9fbf595f5" } ], "repo": "https://github.com/nextcloud/spreed", "type": "GIT" } ] } ], "details": "Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk App is upgraded to 9.0.10, 10.0.8 or 11.2.2. No workarounds for this vulnerability are known to exist.", "id": "CVE-2021-32676", "modified": "2026-03-13T21:54:20.179184188Z", "published": "2021-06-16T00:15:07.793Z", "references": [ { "type": "ADVISORY", "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-p6h7-84v4-827r" }, { "type": "REPORT", "url": "https://hackerone.com/reports/1181962" } ], "related": [ "GHSA-p6h7-84v4-827r" ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ] }