Advisory 2021-12/1 Delayed session expiration
Session cookies not immediately invalidated after logout
| Security Advisory Date | December 7, 2021 |
| Vulnerability Type | Authentication failure |
| Severity | High |
| Versions affected | FileCloud Versions 21.2 and earlier |
| Version fixed | FileCloud Version 21.2.3.17313 |
Description
When a user logs out of a FileCloud browser session, the server session continues to be valid. An actor who has access to the local browser could possibly steal the session cookies to access the system.
Fix
This has been fixed in FileCloud version 21.2.3.17313.
What you should do
- If you are using FileCloud on-premises, it is recommended that you apply the 21.2.3.17313 patch. This will resolve the issue.
- If you are using FileCloud online, the patch has already been applied to your installation of FileCloud.
If you have any questions about this advisory, please contact FileCloud support.