Vulnerabilities (CVE)

Filtered by vendor Nextcloud Subscribe
Filtered by product User Oidc
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-39953 1 Nextcloud 1 User Oidc 2024-02-28 N/A 4.8 MEDIUM
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also have access to. user_oidc 1.3.3 contains a patch. No known workarounds are available.
CVE-2023-39954 1 Nextcloud 1 User Oidc 2024-02-28 N/A 8.1 HIGH
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. user_oidc 1.3.3 contains a patch. No known workarounds are available.
CVE-2023-28848 1 Nextcloud 1 User Oidc 2024-02-28 N/A 5.4 MEDIUM
user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available.
CVE-2023-32074 1 Nextcloud 1 User Oidc 2024-02-28 N/A 9.8 CRITICAL
user_oidc app is an OpenID Connect user backend for Nextcloud. Authentication can be broken/bypassed in user_oidc app. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.2