CVE-2023-32318— Nextcloud 代码问题漏洞

User session not correctly destroyed on logout

Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous session would be continued and the attacker would be authenticated as the previously logged in user. It is recommended that the Nextcloud Server is upgraded to 25.0.6 or 26.0.1.

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

不充分的会话过期机制

Nextcloud 代码问题漏洞

Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud server 存在安全漏洞，该漏洞源于如果未手动清除 cookie，Nextcloud Server 和 Nextcloud Text 应用程序之间的会话处理回归会阻止在注销时正确销毁会话。在使用任何其他帐户成功验证后，先前的会话将继续，并且攻击者将被验证为先前登录的用户。

N/A

N/A