Products
Nextcloud user_oidc app
- 1.3.5
- 2.0.0
- 3.0.0
- 4.0.0
- 5.0.0
Source
security-advisories@github.com
Tags
CVE-2024-37886 details
Published : June 14, 2024, 4:15 p.m.
Last Modified : June 14, 2024, 4:15 p.m.
Last Modified : June 14, 2024, 4:15 p.m.
Description
user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0.
CVSS Score
| 1 | 2 | 3 | 4 | 5.4 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
5.4
Exploitability Score
Impact Score
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References
| URL | Source |
|---|---|
| https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vw5h-29xf-g55g | security-advisories@github.com |
| https://github.com/nextcloud/user_oidc/pull/715 | security-advisories@github.com |
| https://hackerone.com/reports/1878391 | security-advisories@github.com |
This website uses the NVD API, but is not approved or certified by it.