Openid Connect User Backend Security Vulnerabilities and Issues — Openid Connect User Backend CVE List

Lucene search

NextcloudOpenid Connect User Backend

1 matches found

CVE•added 2022/11/25 7:15 p.m.•50 views

CVE-2022-39338

user_oidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this vulnerabili...

5.4CVSS4.4AI score0.00123EPSS