User Oidc@* Security Vulnerabilities and Issues — User Oidc@* CVE List

NextcloudUser Oidc*

3 matches found

CVE•added 2023/05/25 10:59 p.m.•94 views

CVE-2023-32074

CVE-2023-32074 affects the Nextcloud user_oidc app (OpenID Connect backend). The issue is an authentication flaw where brute-force protection is missing, allowing potential credential testing that can break or bypass authentication. The vulnerability is described for versions prior to 1.3.2; reme...

9.8CVSS8.8AI score0.00298EPSS

CVE•added 2024/06/14 2:43 p.m.•64 views

CVE-2024-37312

The CVE concerns Nextcloud’s user_oidc OpenID Connect backend, where the ID4me endpoint lacks access control, enabling account registration and potential access to data available to all registered users. Publicly documented details come from Nextcloud advisories and HackerOne report, which confir...

6.3CVSS6.3AI score0.00467EPSS

CVE•added 2024/06/14 3:45 p.m.•49 views

CVE-2024-37886

CVE-2024-37886 affects Nextcloud’s user_oidc OpenID Connect backend; ID4me does not validate the signature or expiration, enabling an attacker to submit requests not signed by the correct server. Upgrades are recommended to Nextcloud user_oidc versions 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0. Support...

5.4CVSS5.4AI score0.00591EPSS