Lucene search
K

5 matches found

SUSE CVE
SUSE CVE
added 2023/08/12 2:10 a.m.6 views

SUSE CVE-2023-39954

useroidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. useroidc...

8.1CVSS6.7AI score0.00362EPSS
Exploits0References3
NVD
NVD
added 2023/08/10 3:15 p.m.16 views

CVE-2023-39954

useroidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. useroidc...

8.1CVSS5.8AI score0.00362EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/08/10 2:32 p.m.17 views

CVE-2023-39954 user_oidc app stores client secret unencrypted in database

useroidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. useroidc...

3.8CVSS8.1AI score0.00362EPSS
Exploits0References3
OSV
OSV
added 2023/08/10 2:32 p.m.17 views

CVE-2023-39954 user_oidc app stores client secret unencrypted in database

useroidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. useroidc...

3.8CVSS7.8AI score0.00362EPSS
Exploits0References5
CVE
CVE
added 2023/08/10 2:32 p.m.73 views

CVE-2023-39954

CVE-2023-39954 affects the Nextcloud user_oidc app (OIDC backend). Versions 1.0.0 through 1.3.2 allow an attacker with read access to a database snapshot to impersonate the Nextcloud server toward linked servers due to unencrypted storage of the client secret. A patch exists in version 1.3.3 . No...

8.1CVSS5.7AI score0.00362EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder