20 matches found
CVE-2026-45278 Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass
Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website when the victim uses the attacker's link to log in via user OIDC. This issue has been patched in version 8.2.2...
Nextcloud user_oidc: Input validation error vulnerability
Nextcloud user_oidc is an application developed by the German company Nextcloud. In versions 6.1.0 to 8.2.2, there was a vulnerability related to input validation errors. This vulnerability stemmed from improper redirection handling, which could allow attackers to create links that redirect users ...
EUVD-2025-35635
Malicious code in useroidc npm...
MAL-2025-48555 Malicious code in user_oidc (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e28e6e5435f54199a3dca6186e1ad2d2846226bcf0a6792ff09d40b6215ed7af The OpenSSF Package Analysis project identified 'useroidc' @ 8.0.2 np...
EUVD-2023-43652
Malicious code in bioql PyPI...
CVE-2024-52512
CVE-2024-52512 affects the Nextcloud User OIDC app (OpenID Connect backend). A malformed login link can trigger an open redirect to a user-supplied URL after successful authentication. The issue is documented across multiple sources (e.g., Red Hat, CVE lists, advisories) with typical impact descr...
CVE-2024-52512 Nextcloud User OIDC has an open redirection when logging in with User OIDC
user_oidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malformed login link that would redirect the user to a provided URL after successfully authenticating. It is recommended that the Nextcloud User OIDC app is upgraded to 6.1.0...
CVE-2024-52512 Nextcloud User OIDC has an open redirection when logging in with User OIDC
user_oidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malformed login link that would redirect the user to a provided URL after successfully authenticating. It is recommended that the Nextcloud User OIDC app is upgraded to 6.1.0...
CVE-2024-52512 Nextcloud User OIDC has an open redirection when logging in with User OIDC
user_oidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malformed login link that would redirect the user to a provided URL after successfully authenticating. It is recommended that the Nextcloud User OIDC app is upgraded to 6.1.0...
Open redirection when logging in with User OIDC
None...
CVE-2023-39953
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also...
Code injection
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also...
CVE-2023-39953 Issuer not verified from obtained token in user_oidc
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also...
PT-2023-27171 · User Oidc +1 · User Oidc +1
Name of the Vulnerable Software and Affected Versions: user oidc versions 1.0.0 through 1.3.2 Description: The issue affects the user oidc module, which provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. An attacker with at least read access to a snapshot of the...
Nextcloud user_oidc security vulnerability
Nextcloud user_oidc is an application from Nextcloud, Germany. A security vulnerability exists in Nextcloud user_oidc version 1.0.0 through versions prior to 1.3.3, which stems from a lack of validation of the issuer...
PT-2023-23585 · Nextcloud · User Oidc
Name of the Vulnerable Software and Affected Versions: user oidc app versions prior to 1.3.2 Description: The user oidc app, an OpenID Connect user backend for Nextcloud, has an issue where authentication can be broken or bypassed. Recommendations: For versions prior to 1.3.2, upgrade the Nextclo...
CVE-2023-28848
user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second...
user_oidc cross-site request forgery vulnerability
Nextcloud user_oidc is an application from Nextcloud, Germany. A cross-site request forgery vulnerability exists in user_oidc versions 1.0.0 through 1.3.0, which stems from the application copying an expected status token from the first request to the second request...
PT-2022-24909 · Nextcloud · User Oidc
Name of the Vulnerable Software and Affected Versions: user oidc versions prior to 1.2.1 Description: The issue concerns the user oidc OpenID Connect user backend for Nextcloud, where sensitive information such as OIDC client credentials and tokens are sent in plain text over HTTP without TLS in...
PT-2022-24908 · Nextcloud +1 · User Oidc +1
Name of the Vulnerable Software and Affected Versions: user oidc versions prior to 1.2.1 Description: The issue is related to the improper validation of discovery URLs in the user oidc OpenID Connect user backend for Nextcloud, potentially leading to a stored cross-site scripting attack vector. T...