Advisory 2021-12/1 Delayed session expiration

Session cookies not immediately invalidated after logout

Security Advisory Date: December 7, 2021
Vulnerability Type: Authentication failure
Severity: High
Versions affected: FileCloud Versions 21.2 and earlier
Version fixed: FileCloud Version 21.2.3.17313

Description

When a user logs out of a FileCloud browser session, the server session continues to be valid. An actor who has access to the local browser could possibly steal the session cookies to access the system.
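The defect described above, modelled as an added example (not FileCloud's code; the `SessionStore` class, its method names and the sample user are hypothetical). It assumes the defective logout only expires the cookie in the browser, compares that with a logout that also deletes the server-side session record, and checks whether a retained session id still authenticates after each.

```python
import secrets


class SessionStore:
    """Minimal in-memory server-side session table (hypothetical model)."""

    def __init__(self):
        self._sessions = {}  # session id -> username

    def login(self, username):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = username
        return sid  # value the server would place in the session cookie

    def authenticate(self, sid):
        """Return the username for a valid session id, else None."""
        return self._sessions.get(sid)

    def logout_client_only(self, sid):
        """Defective logout: asks the browser to drop the cookie but
        leaves the server-side record in place."""
        return {"Set-Cookie": "session=; Max-Age=0"}

    def logout_invalidating(self, sid):
        """Corrected logout: destroys the server-side record, then
        expires the cookie, so a retained copy of the id is useless."""
        self._sessions.pop(sid, None)
        return {"Set-Cookie": "session=; Max-Age=0"}


def cookie_survives_logout(logout_name):
    """Regression check: does a session id saved before logout still
    authenticate afterwards? True means the defect is present."""
    store = SessionStore()
    sid = store.login("alice")      # constructed sample user
    retained_copy = sid             # copy left behind in the local browser
    getattr(store, logout_name)(sid)
    return store.authenticate(retained_copy) is not None


if __name__ == "__main__":
    for name in ("logout_client_only", "logout_invalidating"):
        print(name, "-> cookie still valid:", cookie_survives_logout(name))
```

The same check, run against a real deployment's login and logout flow, is a useful regression test after applying a session-handling patch.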

Fix

This has been fixed in FileCloud version 21.2.3.17313.

What you should do

  • If you are using FileCloud on-premises, it is recommended that you apply the 21.2.3.17313 patch. This will resolve the issue.
  • If you are using FileCloud online, the patch has already been applied to your installation of FileCloud.

If you have any questions about this advisory, please contact FileCloud support.