Nextcloud User Oidc

9 matches found

added 2023/05/25 10:59 p.m., 105 views

CVE-2023-32074

CVE-2023-32074 affects the Nextcloud user_oidc app (OpenID Connect backend). The issue is an authentication flaw where brute-force protection is missing, allowing potential credential testing that can break or bypass authentication. The vulnerability is described for versions prior to 1.3.2; reme...

CVSS 9.8, AI score 8.8, EPSS 0.00854
added 2023/04/04 12:38 p.m., 87 views

CVE-2023-28848

CVE-2023-28848 affects Nextcloud’s user_oidc (OIDC backend). Versions 1.0.0–1.3.0 allow bypassing CSRF state protection by copying the expected state token from the first request to the second. This enables a CSRF-like bypass. Remediation: upgrade user_oidc to 1.3.0. No known workarounds are prov...

CVSS 5.4, AI score 5.1, EPSS 0.00333
added 2024/06/14 2:43 p.m., 74 views

CVE-2024-37312

The CVE concerns Nextcloud’s user_oidc OpenID Connect backend, where the ID4me endpoint lacks access control, enabling account registration and potential access to data available to all registered users. Publicly documented details come from Nextcloud advisories and HackerOne report, which confir...

CVSS 6.3, AI score 6.3, EPSS 0.00637
added 2023/08/10 2:32 p.m., 73 views

CVE-2023-39954

CVE-2023-39954 affects the Nextcloud user_oidc app (OIDC backend). Versions 1.0.0 through 1.3.2 allow an attacker with read access to a database snapshot to impersonate the Nextcloud server toward linked servers due to unencrypted storage of the client secret. A patch exists in version 1.3.3. No...

CVSS 8.1, AI score 5.7, EPSS 0.00362
added 2024/11/15 5:18 p.m., 62 views

CVE-2024-52512

CVE-2024-52512 affects the Nextcloud User OIDC app (OpenID Connect backend). A malformed login link can trigger an open redirect to a user-supplied URL after successful authentication. The issue is documented across multiple sources (e.g., Red Hat, CVE lists, advisories) with typical impact descr...

CVSS 6.1, AI score 3.8, EPSS 0.00417
added 2023/08/10 1:55 p.m., 60 views

CVE-2023-39953

The CVE-2023-39953 entry concerns Nextcloud’s user_oidc app. Affected versions: 1.0.0 through 1.3.2. Root cause: missing verification of the issuer in the OIDC token validation, enabling a potential Man-in-the-Middle attack that could return corrupted or known tokens. Impact: attacker could lever...

CVSS 4.8, AI score 4.9, EPSS 0.00446
added 2024/06/14 3:45 p.m., 60 views

CVE-2024-37886

CVE-2024-37886 affects Nextcloud’s user_oidc OpenID Connect backend; ID4me does not validate the signature or expiration, enabling an attacker to submit requests not signed by the correct server. Upgrades are recommended to Nextcloud user_oidc versions 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0. Support...

CVSS 5.4, AI score 5.4, EPSS 0.0024
added 2026/06/01 4:57 p.m., 23 views

CVE-2026-45284

Nextcloud vulnerability CVE-2026-45284 affects the User OIDC LdapService in the Nextcloud platform. From version 1.3.6 up to, but not including, 8.4.0, an improper check allowed LDAP-authenticated users who had been deleted to continue authenticating via OIDC. This could permit access to accounts...

CVSS 8.8, AI score 5.7, EPSS 0.00193
added 2026/06/01 4:51 p.m., 14 views

CVE-2026-45278

CVE-2026-45278 affects Nextcloud (Open Source content collaboration platform). From version 6.1.0 up to before 8.2.2, an attacker could craft links that redirect users to another website when the user logs in via the attacker’s OIDC link, due to improper redirection handling in user_oidc. The iss...

CVSS 6.1, AI score 5.7, EPSS 0.00232