PT-2023-22005 · Nextcloud · User Oidc
Mikaelgundersen
Published 2023-04-04 · Updated 2023-04-10
CVE-2023-28848
CVSS v3.1 4.8 (Medium)
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
user oidc (Nextcloud app id user_oidc), versions 1.0.0 up to but not including 1.3.0; 1.3.0 contains the fix.
Description
A vulnerability in user oidc, the OpenID Connect (OIDC) user backend for Nextcloud, an open-source collaboration platform, allowed an attacker to bypass the state protection of the login flow. The OIDC state parameter exists to tie an authorization response back to the browser session that started it, which is what protects the callback endpoint against CSRF. In the affected versions an attacker could copy the expected state token from the first request into a second request and have it accepted, so the check did not provide that binding. The CVSS vector (PR:H, UI:R) indicates the attacker already needs high privileges on the instance and a user must interact for the attack to succeed.
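The following Python is an added illustration of the class of weakness described above and of its fix; it is not code from user_oidc and does not reconstruct the exact defect in that app. All class and function names are hypothetical. The weak store only asks whether a state value was ever issued, so a value observed in one request can be presented again in a second one from a different session. The hardened store keeps the state in the session that began the login, compares it in constant time, and discards it after a single use.

```python
"""Illustrative OIDC 'state' handling (added example, not user_oidc code).

Two stores with the same interface:
  WeakStateStore   - accepts any state that was once issued (no session
                     binding, never consumed): a state copied from one
                     request can be replayed in another.
  BoundStateStore  - state lives in the requesting session, is compared in
                     constant time and is deleted on first use.
The sessions below are plain dicts standing in for server-side session
storage; they are constructed here for the demonstration.
"""
import hmac
import secrets


class WeakStateStore:
    """Hypothetical weak check: 'was this state issued at some point?'."""

    def __init__(self):
        self.issued = set()

    def begin_login(self, session):
        state = secrets.token_urlsafe(32)
        self.issued.add(state)          # not tied to `session`
        return state

    def finish_login(self, session, state_from_callback):
        # Any issued state passes, from any session, any number of times.
        return state_from_callback in self.issued


class BoundStateStore:
    """Hypothetical hardened check: state bound to session, single use."""

    def begin_login(self, session):
        state = secrets.token_urlsafe(32)
        session["oidc_state"] = state   # stored only in the caller's session
        return state

    def finish_login(self, session, state_from_callback):
        expected = session.pop("oidc_state", None)   # consumed on first use
        if expected is None or not isinstance(state_from_callback, str):
            return False
        # Constant-time comparison on bytes so non-ASCII input cannot raise.
        return hmac.compare_digest(expected.encode(), state_from_callback.encode())


def replay_scenario(store_cls):
    """Victim starts a login (request 1). An attacker observes the state and
    presents it from their own session (request 2). Returns
    (victim_login_accepted, attacker_replay_accepted)."""
    store = store_cls()
    victim_session, attacker_session = {}, {}
    state = store.begin_login(victim_session)
    attacker_ok = store.finish_login(attacker_session, state)
    victim_ok = store.finish_login(victim_session, state)
    return victim_ok, attacker_ok


def second_use_scenario(store_cls):
    """Same session completes the callback twice with the same state.
    Returns (first_accepted, second_accepted)."""
    store = store_cls()
    session = {}
    state = store.begin_login(session)
    return store.finish_login(session, state), store.finish_login(session, state)


def tampered_state_rejected(store_cls):
    """A state that was never issued to the session must be refused."""
    store = store_cls()
    session = {}
    store.begin_login(session)
    return not store.finish_login(session, secrets.token_urlsafe(32))


if __name__ == "__main__":
    for cls in (WeakStateStore, BoundStateStore):
        print(cls.__name__, "replay:", replay_scenario(cls),
              "second use:", second_use_scenario(cls))
```

The weak store accepts both the victim's and the attacker's callback, and accepts the same state twice; the bound store accepts only the callback from the session that started the login, and only once. Whatever a backend's actual storage is, those three properties (session binding, constant-time comparison, single use) are what make the state parameter an effective CSRF defence on the OIDC callback.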
Recommendations
Upgrade user oidc to version 1.3.0 or later, which contains the fix. All releases from 1.0.0 up to but not including 1.3.0 are affected.
Exploit
Fix
CSRF
Weakness Enumeration
Related identifiers
Affected products
User Oidc