PT-2023-23585 · Nextcloud · User Oidc

Nickvergessen · Published 2023-05-25 · Updated 2023-06-01 · CVE-2023-32074

CVSS v3.1: 8.0 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

user oidc app versions prior to 1.3.2

Description

The user oidc app, an OpenID Connect user backend for Nextcloud, has an issue where authentication can be broken or bypassed.

Recommendations

For versions prior to 1.3.2, upgrade the Nextcloud user oidc app to version 1.3.2.

Exploit

Fix

Improper Restriction of Excessive Authentication Attempts

Weakness Enumeration

Related identifiers

CVE-2023-32074
GHSA-X8MC-84WJ-RF34

Affected products

User Oidc