User Oidc Security Vulnerabilities and Issues — User Oidc CVE List

Lucene search

NextcloudUser Oidc

7 matches found

CVE•added 2023/05/25 11:15 p.m.•88 views

CVE-2023-32074

user_oidc app is an OpenID Connect user backend for Nextcloud. Authentication can be broken/bypassed in user_oidc app. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.2

9.8CVSS8.8AI score0.00306EPSS

CVE•added 2023/04/04 1:15 p.m.•75 views

CVE-2023-28848

user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second reque...

5.4CVSS5.1AI score0.00427EPSS

CVE•added 2023/08/10 3:15 p.m.•58 views

CVE-2023-39954

user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. user_oidc 1....

8.1CVSS5.7AI score0.00374EPSS

CVE•added 2024/06/14 3:15 p.m.•58 views

CVE-2024-37312

user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. It is recommended that the OpenID Connect user backend is upgraded to 3....

6.3CVSS6.3AI score0.00253EPSS

CVE•added 2023/08/10 2:15 p.m.•47 views

CVE-2023-39953

user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also h...

4.8CVSS4.9AI score0.0049EPSS

CVE•added 2024/06/14 4:15 p.m.•45 views

CVE-2024-37886

user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0.

5.4CVSS5.4AI score0.00435EPSS

CVE•added 2024/11/15 6:15 p.m.•40 views

CVE-2024-52512

user_oidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malformed login link that would redirect the user to a provided URL after successfully authenticating. It is recommended that the Nextcloud User OIDC app is upgraded to 6.1.0.

6.1CVSS3.8AI score0.00056EPSS