Lucene search

User Oidc Security Vulnerabilities

cve

CVE-2023-28848

user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second reque...

5.4CVSS

5.3AI Score

0.001EPSS

2023-04-04 01:15 PM

cve

CVE-2023-32074

user_oidc app is an OpenID Connect user backend for Nextcloud. Authentication can be broken/bypassed in user_oidc app. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.2

9.8CVSS

9.4AI Score

0.001EPSS

2023-05-25 11:15 PM

cve

CVE-2023-39953

user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also h...

4.8CVSS

5AI Score

0.001EPSS

2023-08-10 02:15 PM

cve

CVE-2023-39954

user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. user_oidc 1....

8.1CVSS

7.8AI Score

0.001EPSS

2023-08-10 03:15 PM