2 matches found
CVE-2022-39339
Summary of CVE-2022-39339: The Nextcloud OpenID Connect user backend, named user_oidc, is affected in versions prior to 1.2.1. The root cause is that sensitive data such as OIDC client credentials and tokens could be transmitted in plain HTTP (no TLS), enabling interception by anyone monitoring...
CVE-2022-39338
CVE-2022-39338 concerns Nextcloud’s user_oidc OpenID Connect backend. Connected sources confirm the issue is a stored XSS vulnerability caused by improper validation of discovery URLs in versions prior to 1.2.1, with exploitation demonstrated specifically in Safari (workarounds and CSP limitation...