Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk App is upgraded to 9.0.10, 10.0.8 or 11.2.2. No workarounds for this vulnerability are known to exist.
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Talk | Nextcloud | * | 9.0.10 (excluding) |
| Talk | Nextcloud | 10.0.0 (including) | 10.0.8 (excluding) |
| Talk | Nextcloud | 11.2.0 (including) | 11.2.2 (excluding) |
Such a scenario is commonly observed when: