Session cookies not immediately invalidated after logout
| Security Advisory Date | December 7, 2021 |
| Vulnerability Type | Authentication failure |
| Versions affected | FileCloud Versions 21.2 and earlier |
| Version fixed | FileCloud Version 184.108.40.20613 |
When a user logs out of a FileCloud browser session, the server-side session remains valid. An actor who has access to the local browser could steal the session cookies and use them to access the system.
This has been fixed in FileCloud version 220.127.116.1113.
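The following is a minimal model of the flaw described above beside the corrected behaviour. It is an added illustration, not FileCloud code; the `SessionStore` class, the 1800-second session lifetime and the sample user are assumptions made for the example.

```python
import secrets

SESSION_TTL = 1800   # assumed server-side session lifetime in seconds
EXPIRE_COOKIE = {"Set-Cookie": "session=; Max-Age=0; Path=/"}

class SessionStore:
    """Model of a server-side session table: id -> (user, expiry time)."""

    def __init__(self):
        self._sessions = {}

    def login(self, user, now):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, now + SESSION_TTL)
        return sid

    def authenticate(self, sid, now):
        """Return the user for a live session id, or None."""
        record = self._sessions.get(sid)
        if record is None or now >= record[1]:
            self._sessions.pop(sid, None)
            return None
        return record[0]

    def logout_cookie_only(self, sid):
        """Flawed: asks the browser to drop the cookie, keeps the server record."""
        return EXPIRE_COOKIE

    def logout_invalidating(self, sid):
        """Corrected: delete the server record, then expire the cookie."""
        self._sessions.pop(sid, None)
        return EXPIRE_COOKIE

def accepted_after_logout(logout_name, delays=(1, 600, 1739, 1740)):
    """Log in at t=0, log out at t=60, then present a retained copy of the
    cookie value at each delay; return the delays at which it still works."""
    store = SessionStore()
    sid = store.login("alice", now=0)        # constructed sample user
    getattr(store, logout_name)(sid)
    return [d for d in delays if store.authenticate(sid, now=60 + d)]

if __name__ == "__main__":
    for name in ("logout_cookie_only", "logout_invalidating"):
        print(f"{name}: old cookie accepted {accepted_after_logout(name)} s after logout")
```

With the cookie-only logout, the retained value keeps working until the server-side lifetime runs out; with the invalidating logout it is rejected on the first request after logout.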
What you should do
- If you are using FileCloud on-premises, it is recommended that you apply the 18.104.22.16813 patch. This will resolve the issue.
- If you are using FileCloud online, the patch has already been applied to your installation of FileCloud.
If you have any questions about this advisory, please contact FileCloud support.