Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nextcloudNextcloudGHSA-52HV-XW32-WF7F
HistoryApr 04, 2023 - 8:03 a.m.

CSRF protection on user_oidc login returned the expected token in case of an error

2023-04-0408:03:46
github.com
18
csrf protection
user_oidc
login
upgrade
hackerone
pullrequest

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

26.2%

JSON

Description

Impact

This effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request.

Patches

It is recommended that the user_oidc is upgraded to 1.3.0.

Workarounds

No workaround available

References

Are there any links users can visit to find out more?

Related

hackerone 1
cvelist 1
prion 1
cve 1
nvd 1
osv 1
hackerone
hackerone
Nextcloud: CSRF protection on OIDC login is broken
2023-02-18 11:43:16
cvelist
cvelist
CVE-2023-28848 CSRF protection on user_oidc login returned the expected token in case of an error
2023-04-04 12:38:31
prion
prion
Information disclosure
2023-04-04 13:15:00
cve
cve
CVE-2023-28848
2023-04-04 13:15:08
nvd
nvd
CVE-2023-28848
2023-04-04 13:15:08
osv
osv
CVE-2023-28848
2023-04-04 13:15:08

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

26.2%

JSON
Related for GHSA-52HV-XW32-WF7F
hackerone1cvelist1prion1cve1nvd1osv1