Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
User session not correctly destroyed on logout
Vulnerability Description
Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous session would be continued and the attacker would be authenticated as the previously logged in user. It is recommended that the Nextcloud Server is upgraded to 25.0.6 or 26.0.1.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
Nextcloud 代码问题漏洞
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud server 存在安全漏洞,该漏洞源于如果未手动清除 cookie,Nextcloud Server 和 Nextcloud Text 应用程序之间的会话处理回归会阻止在注销时正确销毁会话。在使用任何其他帐户成功验证后,先前的会话将继续,并且攻击者将被验证为先前登录的用户。
CVSS Information
N/A
Vulnerability Type
N/A