Lauritz

**Name of the Vulnerable Software and Affected Versions** user oidc versions prior to 1.2.1 **Description** The issue is related to the improper validation of discovery URLs in the user oidc OpenID Connect user backend for Nextcloud, potentially leading to a stored cross-site scripting attack vector. The impact is limited due to the restrictive Content Security Policy (CSP) applied on this endpoint. This vulnerability has only been shown to be exploitable in the Safari web browser. **Recommendations** For versions prior to 1.2.1, upgrade to version 1.2.1 to address the issue. If an upgrade is not possible, advise users to avoid using the Safari web browser as a temporary mitigation measure.

**Name of the Vulnerable Software and Affected Versions** user oidc versions prior to 1.2.1 **Description** The issue concerns the user oidc OpenID Connect user backend for Nextcloud, where sensitive information such as OIDC client credentials and tokens are sent in plain text over HTTP without TLS in versions prior to 1.2.1. This allows any malicious actor with access to monitor user traffic to potentially compromise account security. **Recommendations** For versions prior to 1.2.1, upgrade to user oidc v1.2.1 to address the issue. As a temporary workaround for users unable to upgrade, use HTTPS to access Nextcloud and set an HTTPS discovery URL in the provider settings within the Nextcloud OIDC admin settings.

**Name of the Vulnerable Software and Affected Versions** Keycloak versions prior to 13.0.0 **Description** A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the OIDC parameter `request uri`. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack. **Recommendations** For versions prior to 13.0.0, update to version 13.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `request uri` parameter in the OIDC endpoint to minimize the risk of exploitation.