10 matches found

EUVD • added 2025/10/03 8:7 p.m. • 2 views

EUVD-2023-43651

Malicious code in bioql PyPI...

4.8 CVSS • 5.1 AI score • 0.00612 EPSS
Exploits 0 • References 3

EUVD • added 2025/10/03 8:7 p.m. • 7 views

EUVD-2023-32474

Malicious code in bioql PyPI...

5.4 CVSS • 5.6 AI score • 0.00225 EPSS
Exploits 0 • References 3

CVE • added 2023/08/10 2:32 p.m. • 69 views

CVE-2023-39954

CVE-2023-39954 affects the Nextcloud user_oidc app (OIDC backend). Versions 1.0.0 through 1.3.2 allow an attacker with read access to a database snapshot to impersonate the Nextcloud server toward linked servers due to unencrypted storage of the client secret. A patch exists in version 1.3.3. No...

8.1 CVSS • 5.7 AI score • 0.00512 EPSS
Exploits 0 • References 3 • Affected Software 1

OSV • added 2023/08/10 1:55 p.m. • 13 views

CVE-2023-39953 Issuer not verified from obtained token in user_oidc

user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also...

4.8 CVSS • 5 AI score • 0.00612 EPSS
Exploits 0 • References 5

CVE • added 2023/08/10 1:55 p.m. • 56 views

CVE-2023-39953

The CVE-2023-39953 entry concerns Nextcloud's user_oidc app. Affected versions: 1.0.0 through 1.3.2. Root cause: missing verification of the issuer in the OIDC token validation, enabling a potential Man-in-the-Middle attack that could return corrupted or known tokens. Impact: attacker could lever...

4.8 CVSS • 4.9 AI score • 0.00612 EPSS
Exploits 0 • References 3 • Affected Software 1

NVD • added 2023/04/04 1:15 p.m. • 14 views

CVE-2023-28848

user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second...

5.4 CVSS • 5.1 AI score • 0.00225 EPSS
Exploits 0 • References 3

Prion • added 2023/04/04 1:15 p.m. • 14 views

Information disclosure

user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second...

5.8 CVSS • 5.3 AI score • 0.00225 EPSS
Exploits 0 • References 3 • Affected Software 1

OSV • added 2023/04/04 12:38 p.m. • 18 views

CVE-2023-28848 CSRF protection on user_oidc login returned the expected token in case of an error

user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second...

4.8 CVSS • 5.4 AI score • 0.00225 EPSS
Exploits 0 • References 5

Cvelist • added 2023/04/04 12:38 p.m. • 20 views

CVE-2023-28848 CSRF protection on user_oidc login returned the expected token in case of an error

user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second...

4.8 CVSS • 5.6 AI score • 0.00225 EPSS
Exploits 0 • References 3

Vulnrichment • added 2023/04/04 12:38 p.m. • 8 views

CVE-2023-28848 CSRF protection on user_oidc login returned the expected token in case of an error

user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second...

4.8 CVSS • 5.1 AI score • 0.00225 EPSS
Exploits 0 • References 3