CVE-2023-28848 CSRF protection on user_oidc login returned the expected token in case of an error

2023-04-0412:38:31

CWE-352

GitHub_M

www.cve.org

cve-2023-28848

csrf protection

user_oidc

oidc connect

nextcloud collaboration platform

vulnerability

patch

upgrade

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

26.2%

JSON

user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available.

CNA Affected

[
  {
    "vendor": "nextcloud",
    "product": "security-advisories",
    "versions": [
      {
        "version": ">= 1.0.0, < 1.3.0",
        "status": "affected"
      }
    ]
  }
]