Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous session would be continued and the attacker would be authenticated as the previously logged in user. It is recommended that the Nextcloud Server is upgraded to 25.0.6 or 26.0.1.
Created nextcloud tracking bugs for this issue: Affects: fedora-all [bug 2210448] Created nextcloud:23/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2210449] Affects: fedora-all [bug 2210452] Created nextcloud:24/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2210450] Affects: fedora-all [bug 2210453] Created nextcloud:nextcloud-18/nextcloud tracking bugs for this issue: Affects: fedora-all [bug 2210454] Created nextcloud:nextcloud-19/nextcloud tracking bugs for this issue: Affects: fedora-all [bug 2210455] Created nextcloud:nextcloud-21/nextcloud tracking bugs for this issue: Affects: fedora-all [bug 2210456] Created nextcloud:nextcloud-22/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2210451] Affects: fedora-all [bug 2210457] Created nextcloud:nextcloud-stable/nextcloud tracking bugs for this issue: Affects: fedora-all [bug 2210458]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.