Lucene search

K
cve[email protected]CVE-2024-22400
HistoryJan 18, 2024 - 8:15 p.m.

CVE-2024-22400

2024-01-1820:15:08
CWE-601
web.nvd.nist.gov
17
nextcloud
user saml
saml
authentication
security
vulnerability
nextcloud server
server redirection
third-party
nvd
cve-2024-22400

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

20.4%

Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue.

Affected configurations

Vulners
NVD
Node
nextcloudnextcloudRange5.0.05.1.5
OR
nextcloudnextcloudRange5.2.05.2.5
OR
nextcloudnextcloudRange6.0.06.0.1
VendorProductVersionCPE
nextcloudnextcloud*cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*
nextcloudnextcloud*cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*
nextcloudnextcloud*cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "nextcloud",
    "product": "security-advisories",
    "versions": [
      {
        "version": ">= 5.0.0, < 5.1.5",
        "status": "affected"
      },
      {
        "version": ">= 5.2.0, < 5.2.5",
        "status": "affected"
      },
      {
        "version": ">= 6.0.0, < 6.0.1",
        "status": "affected"
      }
    ]
  }
]

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

20.4%