2 matches found
CVE-2024-37886 Nextcloud user_oidc's ID4me does not validate signature or expiration
useroidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud useroidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0...
SUSE CVE-2023-39953
useroidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also...